LinuxQuestions.org
Old 06-17-2003, 02:12 PM   #1
lkalman
LQ Newbie
 
Registered: Jun 2003
Posts: 12

Rep: Reputation: 0
port 22: connection refused


Could anybody tell me what the necessary and sufficient conditions are for a PC running RedHat 9 to accept ssh (scp etc.) connections? My box is connected to a local gateway and thus I set "no firewall" through redhat-config-securitylevel, yet I get a "Connection refused" (port 22) if I try to ssh it from other machines in the same network (ping works).

I didn't have this problem on another machine, on which I installed RedHat 9 from scratch; on the problematic one I upgraded a non-networked RedHat 7.3, so I believe that must be related to the problem.

Any suggestions?

Thanx
 
Old 06-17-2003, 02:16 PM   #2
jstu
Member
 
Registered: Jan 2002
Distribution: slackware
Posts: 193

Rep: Reputation: 30
And ssh server is running.
 
Old 06-17-2003, 02:27 PM   #3
lkalman
LQ Newbie
 
Registered: Jun 2003
Posts: 12

Original Poster
Rep: Reputation: 0
yeap:
root 589 0.3 0.0 3504 0 ? SW 21:23 0:00 /usr/sbin/sshd
 
Old 06-17-2003, 02:31 PM   #4
jstu
Member
 
Registered: Jan 2002
Distribution: slackware
Posts: 193

Rep: Reputation: 30
Does a port scan from a remote box show that 22 is open? And is there a firewall on any of the remote boxes?
 
Old 06-17-2003, 02:54 PM   #5
lkalman
LQ Newbie
 
Registered: Jun 2003
Posts: 12

Original Poster
Rep: Reputation: 0
Humm. Port 22 is reported `closed' by nmap on the other box.
Yeah, the other box (which is connected to my ISP) has a firewall.
 
Old 06-17-2003, 02:59 PM   #6
jstu
Member
 
Registered: Jan 2002
Distribution: slackware
Posts: 193

Rep: Reputation: 30
See if ssh 127.0.0.1 works.
 
Old 06-17-2003, 03:10 PM   #7
lkalman
LQ Newbie
 
Registered: Jun 2003
Posts: 12

Original Poster
Rep: Reputation: 0
Sorry, I forgot to say, I had checked that out before: it does.
 
Old 06-17-2003, 03:20 PM   #8
jstu
Member
 
Registered: Jan 2002
Distribution: slackware
Posts: 193

Rep: Reputation: 30
Then I don't know. Either the external boxes have firewalls limiting what gets out, or the hosts.deny or hosts.allow files are limiting ssh.
 
Old 06-17-2003, 03:25 PM   #9
lkalman
LQ Newbie
 
Registered: Jun 2003
Posts: 12

Original Poster
Rep: Reputation: 0
I set up the firewall on the other box using redhat-config-securitylevel, and I marked the ethernet interface going to this box as a `trusted device', specifically allowing SSH connections.

The hosts.deny file is empty, the hosts.allow file has ALL:ALL in it.
 
Old 06-17-2003, 03:35 PM   #10
jstu
Member
 
Registered: Jan 2002
Distribution: slackware
Posts: 193

Rep: Reputation: 30
On the computer you're trying to ssh from, can you ssh to other boxes besides the one that doesn't work? If you can't test it, maybe try killing the firewall. Run iptables -L to make sure there are no rules left and everything is set to accept. Then try to connect to the box. If all that doesn't work, I'm out of ideas.
 
Old 06-17-2003, 03:40 PM   #11
lkalman
LQ Newbie
 
Registered: Jun 2003
Posts: 12

Original Poster
Rep: Reputation: 0
> On the computer you're trying to ssh from can you ssh to other boxes
> besides the one that doesn't work?
Sorry, I forgot to tell you before: YES.

I don't know much about iptables, here is the output of iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- bud-ink00.chello.hu anywhere udp spt:domain
ACCEPT udp -- bud-ink01.chello.hu anywhere udp spt:domain
REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable
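
Added example, not part of the thread: a listing like the one in post #11 can be read rule by rule to see which rule a new TCP connection to a given port hits first. The function name `verdict_for` and the constructed sample are assumptions of this sketch; it does not follow jumps between chains, and it reports bare `all anywhere anywhere` rules as ambiguous because `iptables -L` without `-v` hides the interface a rule is bound to.

```shell
#!/bin/sh
# verdict_for CHAIN SERVICE   (reads `iptables -L` text on stdin)
# Prints "<TARGET> rule <n>" for the first rule in CHAIN that a new TCP
# connection to SERVICE would match, "AMBIGUOUS rule <n>" when that rule
# cannot be judged from -L output alone, or "POLICY" when no rule matches.
verdict_for() {
    awk -v chain="$1" -v svc="$2" '
        $1 == "Chain" { in_chain = ($2 == chain); n = 0; next }
        !in_chain || NF == 0 || $1 == "target" { next }
        {
            n++
            # columns: target prot opt source destination [match text...]
            if ($2 != "tcp" && $2 != "all") next            # udp rules never match TCP
            if ($4 != "anywhere" || $5 != "anywhere") next  # assumption: client is not a listed host
            rest = ""
            for (i = 6; i <= NF; i++) rest = rest " " $i
            # a rule with a destination-port match only applies to that port
            if (rest ~ /dpt:/ && rest !~ (" dpt:" svc "( |$)")) next
            if ($2 == "all" && rest == "") {
                # may be limited to lo or a trusted interface; rerun with -L -n -v
                print "AMBIGUOUS rule " n; found = 1; exit
            }
            print $1 " rule " n; found = 1; exit
        }
        END { if (!found) print "POLICY" }
    '
}

# Constructed sample in the same layout as the listing in post #11.
SAMPLE='Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable'

for s in ssh telnet; do
    printf '%s: ' "$s"
    printf '%s\n' "$SAMPLE" | verdict_for RH-Lokkit-0-50-INPUT "$s"
done
```

An ACCEPT verdict for ssh here means these iptables rules are not what refuses the connection, so the next places to look are other packet filters loaded on the box and the daemon itself.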
 
Old 06-17-2003, 06:40 PM   #12
lkalman
LQ Newbie
 
Registered: Jun 2003
Posts: 12

Original Poster
Rep: Reputation: 0
Dear jstu,

thank you for your help. I just found the problem: there was a file /etc/sysconfig/ipchains with stuff in it, which I commented out, and now everything is fine. Isn't it a bug, by the way, that redhat-config-securitylevel does not delete or rename that file when one sets "no firewall"? And/or shouldn't it disable the ipchains services when one does not want a firewall?

Best --
 
Old 06-17-2003, 07:55 PM   #13
jstu
Member
 
Registered: Jan 2002
Distribution: slackware
Posts: 193

Rep: Reputation: 30
You would think so. If you want to run a firewall I would suggest learning iptables. The redhat gui tools are good but they prevent you from really knowing what's going on behind the scenes.
 
Old 06-17-2003, 07:55 PM   #14
jstu
Member
 
Registered: Jan 2002
Distribution: slackware
Posts: 193

Rep: Reputation: 30
mistake
 
  


All times are GMT -5.