LinuxQuestions.org
Old 04-04-2017, 09:44 AM   #1
chtsalid
Member
 
Registered: Jan 2017
Posts: 69

Port Forwarding for SSH gets Connection Refused


Hi all,

I have configured port forwarding for SSH but am receiving connection refused. Here is my topology:

VM(redhat)-----------------VM(Centos)----------------KVM(Centos)
192.168.4.2        192.168.4.1  192.168.122.1        192.168.122.2


Ping from KVM(Centos) to VM(Redhat) is working. I have configured NAT on VM(Centos) for the External zone and Proxy ARP on the virbr0 interface.


[root@rh2 ~]# ping 192.168.4.2
PING 192.168.4.2 (192.168.4.2) 56(84) bytes of data.
64 bytes from 192.168.4.2: icmp_seq=1 ttl=63 time=0.790 ms
64 bytes from 192.168.4.2: icmp_seq=2 ttl=63 time=1.94 ms
64 bytes from 192.168.4.2: icmp_seq=3 ttl=63 time=2.88 ms
^C
--- 192.168.4.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.790/1.871/2.881/0.855 ms

Furthermore, port forwarding is configured as follows on VM(Centos):


[root@rh1 ~]# firewall-cmd --zone=external --list-all
external (active)
target: default
icmp-block-inversion: no
interfaces: ens37
sources:
services: ssh
ports:
protocols:
masquerade: yes
forward-ports: port=22:proto=tcp:toport=:toaddr=192.168.122.2
sourceports:
icmp-blocks:
rich rules:


However I get connection refused.

Any idea why?

[root@host1 ~]# ssh 192.168.4.1
ssh: connect to host 192.168.4.1 port 22: Connection refused
[root@host1 ~]#


Am I missing something in the configuration?

Many thanks!
 
Old 04-04-2017, 09:57 AM   #2
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,599
Blog Entries: 4

Is the sshd service running?

Does anyone have that port-number open?

Last edited by sundialsvcs; 04-04-2017 at 10:03 AM.
 
Old 04-04-2017, 10:08 AM   #3
chtsalid
Member
 
Registered: Jan 2017
Posts: 69

Original Poster
Hi,

Thanks for your reply. Yes, the service is running.

[root@rh2 ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2017-04-04 16:09:07 CEST; 55min ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 1324 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1340 (sshd)
CGroup: /system.slice/sshd.service
└─1340 /usr/sbin/sshd

Apr 04 16:09:07 rh2.lab.local systemd[1]: Starting OpenSSH server daemon...
Apr 04 16:09:07 rh2.lab.local systemd[1]: PID file /var/run/sshd.pid not readable (yet?) after start.
Apr 04 16:09:07 rh2.lab.local sshd[1340]: Server listening on 0.0.0.0 port 22.
Apr 04 16:09:07 rh2.lab.local sshd[1340]: Server listening on :: port 22.
Apr 04 16:09:07 rh2.lab.local systemd[1]: Started OpenSSH server daemon.
Apr 04 16:09:34 rh2.lab.local sshd[2517]: Accepted password for root from 192.168.122.1 port 450...sh2
Apr 04 16:18:23 rh2.lab.local sshd[2630]: Accepted password for root from 192.168.122.1 port 450...sh2
Apr 04 16:18:50 rh2.lab.local sshd[2653]: Accepted password for root from 192.168.122.1 port 450...sh2
Apr 04 16:23:02 rh2.lab.local sshd[2789]: Accepted password for root from 192.168.122.1 port 450...sh2
Hint: Some lines were ellipsized, use -l to show in full.


[root@rh2 ~]# ss -lntu |grep 22
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 128 :::22 :::*
 
Old 04-18-2017, 02:29 AM   #4
smutkule
LQ Newbie
 
Registered: Jul 2016
Posts: 2

Show the output of the ifconfig command on all servers.

**********

And according to your topology, which IPs are these (192.168.4.1, 192.168.122.1)? Please specify.

Last edited by smutkule; 04-18-2017 at 02:33 AM.
 
Old 04-18-2017, 03:24 AM   #5
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 21,630

You can try, for example, nmap (on host1) to check if port 22 is available (on host2).
 
Old 04-23-2017, 11:21 AM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,599
Blog Entries: 4

Basically, there are three general possibilities here:

(1) No service is listening to the port.

(2) Problem in the port-forwarding rules: the traffic isn't getting there.

(3) Firewall is blocking the traffic on either end.

Also remember that the communication is bi-directional: the traffic must get to the destination a-n-d the reply must return. "Round trip!"

tcpdump, traceroute, and Wireshark are your best friends. You need to be able to s-e-e the traffic, from the point-of-view of both sides. Don't try to "guess" what is happening: "Look!"

Last edited by sundialsvcs; 04-23-2017 at 11:23 AM.
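
An added example, not part of the thread: a single TCP connect can separate the three possibilities listed in the post above, because a refused connection (RST), an ICMP reject and a silent drop each surface as a different error. It assumes Python 3; `probe` and `MEANING` are names introduced here.

```python
import errno
import socket

# What each outcome says about the three possibilities listed above.
MEANING = {
    "open": "handshake completed; a listener answered",
    "refused": "a TCP RST came back: the packet reached a host with no "
               "listener on that port, or a firewall rejecting with tcp-reset",
    "unreachable": "an ICMP error came back: a firewall REJECT rule or a "
                   "missing route",
    "filtered": "no reply before the timeout: the SYN or its reply was dropped",
}

def probe(host, port=22, timeout=3.0):
    """Attempt one TCP connect and return (outcome, banner_or_None)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered", None
    except ConnectionRefusedError:
        return "refused", None
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable", None
        raise
    with sock:
        sock.settimeout(timeout)
        try:
            # An SSH server sends its identification string first (RFC 4253).
            banner = sock.recv(255).decode("ascii", "replace").strip()
        except (socket.timeout, ConnectionError):
            banner = ""
        return "open", banner or None

if __name__ == "__main__":
    import sys
    # Usage: python3 probe.py 192.168.4.1 192.168.122.2
    for target in sys.argv[1:]:
        outcome, banner = probe(target)
        print(f"{target}:22 {outcome} ({MEANING[outcome]}) banner={banner!r}")
```

Run against the forwarding address from the client side and against the forward target from the forwarding host; a different outcome on the two hops shows which side to capture with tcpdump.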
 
Old 04-26-2017, 11:31 PM   #7
akkumar
LQ Newbie
 
Registered: Apr 2017
Posts: 2

I am not able to start services, getting some error.

Starting sshd: Missing privilege separation directory : /Var/empty/sshd
 
Old 04-27-2017, 12:26 PM   #8
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 21,630

Looks like insufficient information to me. http://catb.org/~esr/faqs/smart-questions.html
Please give us some details on how you tried to start it, how your sshd is configured ....
/Var/empty/sshd is completely meaningless without context/additional information.

Also did not answer some questions...

Last edited by pan64; 04-27-2017 at 12:27 PM.
 