LinuxQuestions.org
Old 10-02-2004, 09:51 AM   #1
elimedson
LQ Newbie
 
Registered: Oct 2004
Posts: 6

Rep: Reputation: 0
Connection refused


Hi,

Recently installed Slackware 10 on my server box and I am having a strange problem accessing it from other hosts on the network. I need to ssh or telnet to it. I added my host IP to the hosts.allow file and managed to both ssh and telnet to it. Then the next time I tried the ssh/telnet I got "telnet: Unable to connect to remote host: Connection refused". Having changed nothing on the server side, I was really surprised.

I spent hours looking for something that could block my host. The iptables listing is empty, and there is nothing in the hosts.deny file. Being new to Slackware, I thought there must be something there blocking my host. Can you help?

Thanks,
Elim
 
Old 10-02-2004, 10:08 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Can you see those ports open with a nmap scan from the client? Does running netstat -pantu on the server show the ssh and telnet daemons up and listening?
 
Old 10-02-2004, 10:49 AM   #3
elimedson
LQ Newbie
 
Registered: Oct 2004
Posts: 6

Original Poster
Rep: Reputation: 0
Hi

netstat -pantu on the server listed port 22 (sshd) and 23 (inetd)
nmap scan on the client host listed only port 80 as open

Elim
 
Old 10-02-2004, 11:24 AM   #4
dominant
Member
 
Registered: Jan 2004
Posts: 409

Rep: Reputation: 30
Did you configure the sshd_config on the slackware?

Last edited by dominant; 10-02-2004 at 11:26 AM.
 
Old 10-02-2004, 01:12 PM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote: "nmap scan on the client host listed only port 80 as open"

I meant if you run an nmap *from* the client machine with the sshd server as the target of the scan. The point is to see if the ports are open from the outside. If they're not open then it suggests something like networking/firewall/etc. Might also want to see if restarting the sshd service helps.
 
Old 10-02-2004, 04:09 PM   #6
elimedson
LQ Newbie
 
Registered: Oct 2004
Posts: 6

Original Poster
Rep: Reputation: 0
The output of the nmap scan from the client is

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-10-02 20:50 GMT
Failed to resolve given hostname/IP: scan. Note that you can't use '/mask' AND '[1-4,7,100-]' style IP ranges
Interesting ports on skessa (192.168.x.x):
(The 1659 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
80/tcp open http

Nmap run completed -- 1 IP address (1 host up) scanned in 3.822 seconds

So only port 80 is visible to the client host. Yes, it seems like this is some firewall issue. The iptables are fine; what else is there on Slackware 10 that can block IP traffic?
 
Old 10-02-2004, 06:18 PM   #7
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Try turning the firewall off on both the client and server and then connecting. Try doing iptables -vnL to make sure that the iptables rules are indeed gone. Also, should port 80 be open on that system?
 
Old 10-03-2004, 06:09 AM   #8
elimedson
LQ Newbie
 
Registered: Oct 2004
Posts: 6

Original Poster
Rep: Reputation: 0
Running iptables -vnL on the server confirms that no rules are in use. Disabled the firewall on the client (running Debian) as well. I have another client (Windows XP) on my LAN and the same thing happens there.

About port 80 on the server. Yes, that should be open. I use it as an external web server as well. I use NAT in my router to translate all traffic to port 80 to that server.

I looked for other firewalls (like lokkit) on the server but didn't find any.

One thing I am wondering about. Could this somehow be related to DNS? I remember removing clienthost from the hosts file on the server. This gave me one shot at the server, meaning I could log in via ssh or telnet once and then not any more.
 
Old 10-03-2004, 09:01 AM   #9
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
DNS could normally be an issue, but since you're able to see port 80 on the server, it sounds like it's working properly, though if you look at the nmap output there is a message about a hostname lookup failure, so you may want to look into that further. You may also want to use tcpdump to grab some packets (before and post NAT) just to make sure that's working properly as well.

Check the router and make sure that it's forwarding the ssh and telnet ports as well. If it's one of those home routers like a linksys or dlink, you might want to give it a reboot.
 
Old 10-03-2004, 09:25 AM   #10
elimedson
LQ Newbie
 
Registered: Oct 2004
Posts: 6

Original Poster
Rep: Reputation: 0
Yes, I am almost sure this has something to do with DNS lookup. I noticed the client itself had the wrong IP for its own hostname in /etc/hosts. Now that I have all the entries in the hosts file (client and server) and the right entries in hosts.allow and hosts.deny on the server, this seems to work. Well, almost. I can use telnet and ssh (only as an external computer). When I try to connect directly (not using the router's NAT) I get this error message:

ssh_exchange_identification: Connection closed by remote host

Almost there. Thanks for the help.

Elim
 
Old 10-03-2004, 09:56 AM   #11
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Try connecting with ssh -vvv hostname
 
Old 10-03-2004, 04:40 PM   #12
elimedson
LQ Newbie
 
Registered: Oct 2004
Posts: 6

Original Poster
Rep: Reputation: 0
oboj, after going to a birthday dinner and some red wine I came back to my problem. Trying ssh -vvv hostname resulted in success. Problem solved, at least for now. Thanks Capt_Caveman for assisting me on this issue. Having somebody out there to help when facing a problem like this really helps.

Thanks again
Elim
 
Old 10-03-2004, 05:09 PM   #13
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I've found red wine to be a great problem solver as well. Glad you got it working.
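
Added example (not part of any post in this thread): a client-side probe that separates the symptoms seen above, "Connection refused" on connect versus a connection that is accepted and then closed before any banner, which is what ssh reports as "ssh_exchange_identification: Connection closed by remote host". The function names and hint texts are made up for this example, and the hints assume the daemons consult hosts.allow/hosts.deny (TCP wrappers), as the thread suggests.

```python
import socket
import sys

# Server-side checks for each client-side result. Commands are the ones used
# in the thread; each cause is a common one, not the only possible one.
HINTS = {
    "refused": "RST on connect: check the listener and its bind address "
               "(netstat -pantu) and REJECT rules (iptables -vnL)",
    "filtered": "no reply: check DROP rules and the router's port forwarding",
    "closed-after-accept": "accepted, then dropped before a banner: check "
                           "/etc/hosts.allow, /etc/hosts.deny and how the "
                           "server resolves the client's address",
    "resolve-failed": "client cannot resolve the name: check /etc/hosts, DNS",
}

def probe(host, port, timeout=3.0):
    """Classify how a TCP service answers, as seen from the client."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "resolve-failed"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        return "error: %s" % exc
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(256)          # sshd sends its banner first
        except socket.timeout:
            return "open-silent"           # e.g. a service that waits for input
        except ConnectionResetError:
            return "closed-after-accept"
    if not data:                           # clean close with nothing sent
        return "closed-after-accept"
    return "banner: " + data.split(b"\n", 1)[0].decode("ascii", "replace").strip()

def diagnose(host, ports=(22, 23)):
    """Probe the ssh and telnet ports and attach a hint to each result."""
    return {p: (s, HINTS.get(s, "")) for p in ports for s in [probe(host, p)]}

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, (state, hint) in diagnose(target).items():
        print("%s:%d  %-20s %s" % (target, port, state, hint))
```

Run it from the client against both the server's LAN address and the router's external address; differing results for the two paths point at NAT or name resolution rather than at the daemon itself.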
 
  

