LinuxQuestions.org, Linux - Newbie
A question about listening interfaces on ssh... (https://www.linuxquestions.org/questions/linux-newbie-8/a-question-about-listening-interfaces-on-ssh-816491/)

trist007 06-26-2010 06:45 AM

A question about listening interfaces on ssh...
 
In my sshd_config file I have the following

Code:

ListenAddress 0.0.0.0

Does this mean that all of my network interfaces are listening as opposed to just one specific network interface? Would 0.0.0.0 include 127.0.0.1?

Also, this computer(A) is on a LAN at my house. It has two network interfaces(eth0 & eth1), both on different subnets. I can connect from another computer(B) on my LAN to this one on one interface(eth0) via SSH just fine. The other interface(eth1) on this computer is hooked up to its own gateway to the internet using DSL. I'm using this interface(eth1) for running bind.

Anyhow, here's my issue. When using a computer(C), which is a hosted VM, from outside my LAN, to connect to computer(A) via SSH, I get connection refused. So I checked my hosts.deny & hosts.allow files, both empty. I run nmap from computer C and SSH comes up as closed. So I'm thinking it's a firewall issue. Here's what my iptables -L looks like:
Code:

Chain INPUT (policy ACCEPT)
target    prot opt source              destination
fail2ban-ssh  tcp  --  anywhere            anywhere            tcp dpt:ssh
RH-Firewall-1-INPUT  all  --  anywhere            anywhere
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:domain
ACCEPT    udp  --  anywhere            anywhere            udp dpt:domain

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination
RH-Firewall-1-INPUT  all  --  anywhere            anywhere

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

Chain RH-Firewall-1-INPUT (2 references)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere
ACCEPT    icmp --  anywhere            anywhere            icmp any
ACCEPT    esp  --  anywhere            anywhere
ACCEPT    ah  --  anywhere            anywhere
ACCEPT    udp  --  anywhere            224.0.0.251        udp dpt:mdns
ACCEPT    udp  --  anywhere            anywhere            udp dpt:ipp
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ipp
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    tcp  --  anywhere            anywhere            state NEW tcp dpt:ssh
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited

Chain fail2ban-ssh (1 references)
target    prot opt source              destination
RETURN    all  --  anywhere            anywhere

I've been meaning to learn more about iptables, but which chain is for which network interface? I have also tried running nmap from computer(C) to test bind out on tcp 53, and that comes up closed. I run udp 53 and that comes up as closed, but then again udp is funny because it's stateless. If I run netcat on udp port 53 from computer C I get a blank line as if it's still running. However, I get that for all other ports anyways, so that's of no use.

Unless my AT&T DSL is blocking those ports. But if that were the case would the error 'Connection refused' come up when I try to connect via SSH?

What other tests can I run to troubleshoot?
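Added example, not from the thread, that answers the two questions in the first post at the socket level. ListenAddress 0.0.0.0 is the IPv4 wildcard: sshd binds one socket that accepts connections arriving on any IPv4 address the host has, 127.0.0.1 and both LAN addresses included (IPv4 only; listening on IPv6 as well needs a separate ListenAddress ::). The script below binds a wildcard listener and a 127.0.0.1-only listener, probes both from two loopback addresses, then probes a closed port to show what "Connection refused" actually means: a TCP RST came back, so the SYN reached a host that had nothing listening on that port (or a REJECT with --reject-with tcp-reset). The REJECT in the posted chain uses icmp-host-prohibited, which a client reports as "No route to host", and a DROP shows up as a timeout, so a refused connection points away from this firewall and toward the wrong host, which is what the thread eventually found. The second loopback address 127.0.0.2 is only used because Linux routes all of 127/8 to lo; nothing here touches eth0 or eth1.

```python
"""Added example, not from the thread: what ListenAddress 0.0.0.0 means at the socket
level, and what a "Connection refused" error does and does not tell you."""
import errno
import socket
from contextlib import closing


def listen_on(address):
    """Bind a TCP listener to `address` on an OS-chosen port (what sshd does for ListenAddress)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((address, 0))
    s.listen(5)
    return s, s.getsockname()[1]


def probe(host, port, timeout=2.0):
    """Attempt a TCP connect the way ssh or nmap would and classify the outcome."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as c:
        c.settimeout(timeout)
        try:
            c.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "refused"        # a TCP RST came back: the host is reachable, nothing listens there
        except socket.timeout:
            return "filtered"       # no answer at all: a DROP rule, or the packets never arrived
        except OSError as e:        # e.g. EHOSTUNREACH, "No route to host", which is what
            return errno.errorcode.get(e.errno, repr(e))   # REJECT --reject-with icmp-host-prohibited produces


def demo():
    """Probe a wildcard listener and a loopback-only listener from two loopback addresses."""
    results = {}
    wildcard, wport = listen_on("0.0.0.0")      # like ListenAddress 0.0.0.0
    loop_only, lport = listen_on("127.0.0.1")   # like ListenAddress 127.0.0.1
    with closing(wildcard), closing(loop_only):
        for label, port in (("wildcard", wport), ("loopback-only", lport)):
            # 127.0.0.2 is a second loopback address: Linux routes the whole of 127/8 to lo
            for addr in ("127.0.0.1", "127.0.0.2"):
                results[f"{label} via {addr}"] = probe(addr, port)
    # both listeners are closed now, so the port answers with RST: the classic "Connection refused"
    results["closed port"] = probe("127.0.0.1", wport)
    return results


if __name__ == "__main__":
    for outcome, verdict in demo().items():
        print(f"{outcome:28} {verdict}")
```

Run directly it prints the five outcomes: the wildcard listener is reachable through both loopback addresses, the 127.0.0.1-only listener refuses the connection arriving on 127.0.0.2, and the closed port refuses too. The classifier in probe() is the distinction to keep in mind when reading ssh's error text: "refused", "No route to host" and a hang point at three different things.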

blue_print 06-26-2010 07:25 AM

Can you try opening the SSH port in the iptables?

http://www.cyberciti.biz/faq/linux-o...ll-port-22-23/

trist007 06-26-2010 07:32 AM

Don't I already have it under Chain RH-Firewall-1-INPUT second from the last entry? Isn't that it? Anyhow, I added that line before commit as shown in that link you sent me and I still get the same iptables -L output. Same issue.

blue_print 06-26-2010 07:40 AM

Can you paste the list of firewall rules you are having in /etc/sysconfig/iptables?

trist007 06-26-2010 02:42 PM

Sure here it is.
Code:

# Generated by iptables-save v1.3.5 on Wed Jun 23 15:55:03 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [33541:3061023]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Wed Jun 23 15:55:03 2010


trist007 06-27-2010 09:37 AM

Oh man, figured it out. I guess my power went out at my apartment and my DSL modem turned off and then back on and then got assigned a new public IP. I was testing it from outside the LAN to an IP that wasn't my computer. When in doubt, the obvious is usually the cause.

I have question though about iptables. In this case, what's the difference between RH-Firewall-1-INPUT and CHAIN RH-Firewall-1-INPUT. Just like if in iptables I insert a rule such as this one
Code:

-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT

It will go under RH-Firewall-1-INPUT.
However if I insert a rule such as this one
Code:

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

It will go under Chain RH-Firewall-1-INPUT. These are the same right? Just different groups for organizational purposes?
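Added example, not from the thread, addressing the last question and the earlier "which chain is for which network interface". Chains are not tied to interfaces: INPUT and FORWARD are built-in chains the kernel consults for packets addressed to the host and for packets routed through it, and a rule is bound to an interface only by its own -i or -o match (in the dump above only the -i lo rule carries one; `iptables -L -v` adds the in/out columns that plain -L hides). RH-Firewall-1-INPUT is a user-defined chain reached only through the two -j jumps, and the two are not interchangeable groupings: a rule appended to INPUT lands after the jump and is evaluated only if the user chain hands the packet back. This one never does, since its tenth rule is an unconditional REJECT, so the two DNS ACCEPT rules in INPUT and the ssh rule appended after the REJECT can never match anything. The script parses the posted /etc/sysconfig/iptables dump (the poster's rules, filter table only), walks a packet through the jumps and reports the unreachable rules. The packets fed to it are made up; 203.0.113.5 and 198.51.100.7 are documentation addresses, not anything from the thread.

```python
"""Added example, not from the thread: parse the /etc/sysconfig/iptables dump posted above
(filter table only), trace which rule decides a packet's fate and list rules nothing reaches."""
import ipaddress
import shlex

RULESET = """\
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [33541:3061023]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # verdicts that end processing for the packet
OPTS = {"-i": "iface", "-p": "proto", "-s": "src", "-d": "dst", "--dport": "dport", "--state": "state"}
in_net = lambda have, want: ipaddress.ip_address(have) in ipaddress.ip_network(want, strict=False)
CHECK = {"src": in_net, "dst": in_net, "state": lambda have, want: have in want.split(","),
         "dport": lambda have, want: have == int(want)}   # anything else (-i, -p) is plain equality

def packet(iface, proto, src, dst, dport=None, state="NEW"):   # state: conntrack NEW/ESTABLISHED/RELATED
    return {"iface": iface, "proto": proto, "src": src, "dst": dst, "dport": dport, "state": state}

def parse_rule(line):
    """'-A CHAIN <options> -j TARGET' -> (chain, rule); every option in this dump takes one value."""
    toks = shlex.split(line)
    chain, rule = toks[1], {"text": line, "match": {}, "target": None}
    for opt, val in zip(toks[2::2], toks[3::2]):
        if opt in OPTS:
            rule["match"][OPTS[opt]] = val
        elif opt == "-j":
            rule["target"] = val
        elif opt not in ("-m", "--reject-with") and (opt, val) != ("--icmp-type", "any"):
            raise ValueError(f"unsupported option {opt} in: {line}")   # -m loads and reject type: no effect on matching
    return chain, rule

def matches(match, p):   # every criterion the rule carries must fit; an empty match fits everything
    return all(CHECK.get(key, lambda have, want: have == want)(p[key], want) for key, want in match.items())

class Filter:
    def __init__(self, dump):
        self.chains, self.policy = {}, {}       # policy is None for user-defined chains
        for line in dump.splitlines():
            if line.startswith(":"):            # ":NAME POLICY [packets:bytes]"
                name, pol = line[1:].split()[:2]
                self.chains[name], self.policy[name] = [], (None if pol == "-" else pol)
            elif line.startswith("-A"):
                chain, rule = parse_rule(line)
                self.chains[chain].append(rule)

    def evaluate(self, chain, p, trace=None):
        """Walk `chain` for packet p -> (verdict, trace); verdict None means 'handed back to the caller'."""
        trace = [] if trace is None else trace
        for n, r in enumerate(self.chains[chain], 1):
            if not matches(r["match"], p):
                continue
            trace.append(f"{chain}#{n} -> {r['target']}")
            if r["target"] == "RETURN":
                break
            verdict = r["target"] if r["target"] in TERMINAL else self.evaluate(r["target"], p, trace)[0]
            if verdict is not None:
                return verdict, trace
        policy = self.policy[chain]             # built-in chain: its policy decides; user chain: None
        if policy is not None:
            trace.append(f"{chain} policy -> {policy}")
        return policy, trace

    def never_returns(self, chain):   # True if no packet entering `chain` ever comes back to the caller
        for r in self.chains[chain]:
            if r["match"]:
                continue                        # conditional rule: some packets get past it
            if r["target"] == "RETURN":
                return False
            if r["target"] in TERMINAL or self.never_returns(r["target"]):
                return True
        return False

    def dead_rules(self):   # rules sitting after an unconditional rule that no packet gets past
        dead = []
        for chain, rules in self.chains.items():
            blocked = False
            for n, r in enumerate(rules, 1):
                if blocked:
                    dead.append(f"{chain}#{n}: {r['text']}")
                elif not r["match"] and (r["target"] in TERMINAL | {"RETURN"} or self.never_returns(r["target"])):
                    blocked = True
        return dead
```

Usage: `Filter(RULESET).evaluate("INPUT", packet("eth1", "tcp", "203.0.113.5", "198.51.100.7", 22))` returns ACCEPT with a trace ending at RH-Firewall-1-INPUT#9; the same packet to port 53, tcp or udp, ends at RH-Firewall-1-INPUT#10 with REJECT before INPUT#2 or INPUT#3 is ever consulted, and `dead_rules()` lists exactly those two plus RH-Firewall-1-INPUT#11. The same walk shows why the fail2ban-ssh chain in the `iptables -L` output above does work as a prefix to INPUT: it ends in RETURN, so processing continues in INPUT after the jump.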

