LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-12-2016, 09:52 PM   #1
cajunchief
Member
 
Registered: Sep 2010
Posts: 233

Rep: Reputation: 0
Problem getting upper port to be used


To All:

I am attempting to route my ssh traffic through a 47xxx port. Yes, it's not standard but I want to do it for security reasons. When I run the following command I get this error message:

ssh -vvv -p 47235 cajunchief@10.0.x.x
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.0.x.x [10.0.x.x port 47235.
debug1: connect to address 10.0.0.232 port 47234: No route to host
ssh: connect to host 10.0.0.232 port 47235: No route to host


However---When i run this command over the default port i get this error:

ssh -vvv -p 22 cajunchief@10.0.x.x
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.0.x.x [10.0.x.x] port 22.
debug1: connect to address 10.0.x.x port 22: Connection refused
ssh: connect to host 10.0.x.x port 22: Connection refused


The initial run does not get through???

The second run makes it through but of course does not work as port 22 is not being used by my server.
I have setup my comcast router to port forward port 47235 to the correct ip address 10.0.x.x.


Can anyone tell me where the problem is:

cajunchief
 
Old 05-13-2016, 12:44 AM   #2
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,790

Rep: Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139
Quote:
ssh: connect to host 10.0.0.232 port 47235: No route to host
This indicates that the IP address can't be reached (ie nothing to do with port). Check that the IP address is correct. A ping to that address will fail as well...
Code:
ping 10.0.0.232

Last edited by ferrari; 05-13-2016 at 12:45 AM.
 
Old 05-13-2016, 11:20 AM   #3
cajunchief
Member
 
Registered: Sep 2010
Posts: 233

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by ferrari View Post
This indicates that the IP address can't be reached (ie nothing to do with port). Check that the IP address is correct. A ping to that address will fail as well...
Code:
ping 10.0.0.232

Ferrari,
NOT correct! here is the ping!

ping 10.0.0.232
PING 10.0.0.232 (10.0.0.232) 56(84) bytes of data.
64 bytes from 10.0.0.232: icmp_seq=1 ttl=64 time=0.825 ms
64 bytes from 10.0.0.232: icmp_seq=2 ttl=64 time=0.517 ms
64 bytes from 10.0.0.232: icmp_seq=3 ttl=64 time=0.298 ms
64 bytes from 10.0.0.232: icmp_seq=4 ttl=64 time=0.296 ms
64 bytes from 10.0.0.232: icmp_seq=5 ttl=64 time=0.306 ms
64 bytes from 10.0.0.232: icmp_seq=6 ttl=64 time=0.298 ms
64 bytes from 10.0.0.232: icmp_seq=7 ttl=64 time=0.505 ms
64 bytes from 10.0.0.232: icmp_seq=8 ttl=64 time=0.521 ms
^C
--- 10.0.0.232 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7559ms
rtt min/avg/max/mdev = 0.296/0.445/0.825/0.176 ms
[cajunchief@cajunchiefcom ~]$
 
Old 05-13-2016, 12:02 PM   #4
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,661

Rep: Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891
Forwarding the port on the router does not affect local LAN connections. You would need to use your WAN IP address.

Did you configure the firewall to allow traffic on 47235?
 
Old 05-13-2016, 03:59 PM   #5
cajunchief
Member
 
Registered: Sep 2010
Posts: 233

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by michaelk View Post
Forwarding the port on the router does not affect local LAN connections. You would need to use your WAN IP address.

Did you configure the firewall to allow traffic on 47235?

michealk,

don't you need to do a port forward to allow traffic through the router to the port on the cpu you want?

cajunchief
 
Old 05-13-2016, 04:10 PM   #6
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,661

Rep: Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891
Yes, but it is only used when accessing the CPU from outside your local network.
 
Old 05-13-2016, 04:47 PM   #7
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,790

Rep: Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139
Remember, we're not on front of your network, and your opening post doesn't tell the full story. You didn't demonstrate that you could reach the host with a ping. Important information, otherwise we're left to guess. Use nmap to show that there is a listening ssh server on the host you want to connect to within the LAN.
 
Old 05-13-2016, 07:35 PM   #8
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,790

Rep: Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139
Check the host firewall configuration as well.
 
Old 05-15-2016, 02:42 PM   #9
cajunchief
Member
 
Registered: Sep 2010
Posts: 233

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by ferrari View Post
Check the host firewall configuration as well.
ferrari,

I think your probably correct, I don't see the PORT I want to use inside my LAN being open as shown below:

nmap -A -T4 scanme.nmap.org

Starting Nmap 6.40 ( http://nmap.org ) at 2016-05-15 16:34 EDT
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.095s latency).
Not shown: 992 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh (protocol 2.0)
| ssh-hostkey: 1024 ac:00:a0:1a:82:ff:cc:55:99:dc:67:2b:34:97:6b:75 (DSA)
| 2048 20:3d:2d:44:62:2a:b0:5a:9d:b5:b3:05:14:c2:a6:b2 (RSA)
|_256 96:02:bb:5e:57:54:1c:4e:45:2f:56:4c:4a:24:b2:57 (ECDSA)
25/tcp filtered smtp
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
|_http-title: Go ahead and ScanMe!
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
9929/tcp open nping-echo Nping echo
31337/tcp open tcpwrapped
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port22-TCP:V=6.40%I=7%D=5/15%Time=5738DD74%P=x86_64-redhat-linux-gnu%r(
SF:NULL,2B,"SSH-2\.0-OpenSSH_6\.6\.1p1\x20Ubuntu-2ubuntu2\.3\r\n");

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 28.37 seconds


I have a comcast gateway router, how do I configure the internal lan to let my port be open?

cajunchief
 
Old 05-15-2016, 02:52 PM   #10
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,661

Rep: Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891Reputation: 5891
You need to configure the firewall on the server itself (10.0.0.232) if running to allow traffic on port 47235.

What distribution / version is running on 10.0.0.232?
 
Old 05-19-2016, 02:59 PM   #11
cajunchief
Member
 
Registered: Sep 2010
Posts: 233

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by michaelk View Post
You need to configure the firewall on the server itself (10.0.0.232) if running to allow traffic on port 47235.

What distribution / version is running on 10.0.0.232?
michaelk,

As usual yes you are very correct! Merci Beaucoup!

cajunchief
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Problem with keyboard letter P only work in uPPer case do_little49 Linux - Newbie 9 08-16-2013 03:19 PM
Problem access IO memory PCI upper 1Mbyte .... webquinty Linux - Kernel 1 06-02-2009 04:52 AM
upper panel problem rahilmaknojia Linux - Desktop 1 08-02-2008 06:09 PM
ls sorting problem: lower and upper case folded? mcwasi Linux - General 6 10-24-2007 09:26 AM
Upper and lower case problem when mount hardisk UltraSoul Linux - Newbie 1 10-28-2005 08:50 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration