LinuxQuestions.org

Linux - Server: running ssh problem (https://www.linuxquestions.org/questions/linux-server-73/running-ssh-problem-588418/)

satimis 09-30-2007 11:49 AM

running ssh problem
 
Hi folks,


Ubuntu 7.04 server amd64
router IP - 192.168.0.10

Ubuntu 7.04 desktop
router IP - 192.168.0.11


The server can ssh to the desktop, but the desktop can't ssh to the server.


On desktop
$ ssh -Y satimis@192.168.0.10 rox
password:
Code:

....
(rox:5168): Gtk-warning ** Locale not supported by C library
Using the fallback 'C' locale

The server's Rox does not display on the desktop.


Any advice? TIA


satimis

raskin 09-30-2007 02:16 PM

First check that basic ssh works. Does
Code:

ssh -Y satimis@192.168.0.10 /bin/bash
give you a shell on the server? What does $DISPLAY contain after it? Does xterm succeed in running? Does this work better with untrusted X11 forwarding (-X instead of -Y)? Does rox run from such a session?

satimis 09-30-2007 08:12 PM

Quote:

Originally Posted by raskin (Post 2908548)
First check that basic ssh works. Does
Code:

ssh -Y satimis@192.168.0.10 /bin/bash
give you a shell on the server? What does $DISPLAY contain after it? Does xterm succeed in running? Does this work better with untrusted X11 forwarding (-X instead of -Y)? Does rox run from such a session?

Tks for your advice.

On desktop
$ ssh -Y satimis@192.168.0.10 /bin/bash
satimis@192.168.0.10's password:

It just hangs here.


Ah, would it be a problem of running xvt on the server instead of xterm?


On server:

$ apt-cache policy xvt
Code:

xvt:
  Installed: 2.1-20
  Candidate: 2.1-20
  Version table:
 *** 2.1-20 0
        500 http://us.archive.ubuntu.com feisty/universe Packages
        100 /var/lib/dpkg/status

$ apt-cache policy xterm
Code:

xterm:
  Installed: (none)
  Candidate: 223-1
  Version table:
    223-1 0
        500 http://us.archive.ubuntu.com feisty/main Packages
        100 /var/lib/dpkg/status

If it is this cause, I'll

$ sudo apt-get remove xvt

then

$ sudo apt-get install xterm

TIA


B.R.
satimis

satimis 09-30-2007 10:00 PM

Problem still remains
 
Hi folks,


Performed the following test:-

On server

$ sudo apt-get remove xvt
$ sudo apt-get install xterm

both went through w/o problem.


On desktop:-

$ ssh -Y satimis@192.168.0.10 rox
Code:

satimis@192.168.0.10's password:

(process:5461): Gdk-WARNING **: locale not supported by C library

(rox:5461): Gtk-WARNING **: Locale not supported by C library.
        Using the fallback 'C' locale.

$ ssh -Y satimis@192.168.0.10 /bin/bash
Code:

satimis@192.168.0.10's password:
Just hung here.


$ ssh -X satimis@192.168.0.10 rox
Code:

satimis@192.168.0.10's password:

(process:5475): Gdk-WARNING **: locale not supported by C library

(rox:5475): Gtk-WARNING **: Locale not supported by C library.
        Using the fallback 'C' locale.


Problem is NOT solved


B.R.
satimis

raskin 09-30-2007 10:40 PM

What do sshd logs on server contain? What does just 'ssh satimis@192.168.0.10' do?

satimis 09-30-2007 11:25 PM

Quote:

Originally Posted by raskin (Post 2908917)
What do sshd logs on server contain? What does just 'ssh satimis@192.168.0.10' do?

On Desktop

$ ssh satimis@192.168.0.10
satimis@192.168.0.10's password:
Code:

Linux ubuntu 2.6.20-15-generic #2 SMP Sun Apr 15 06:17:24 UTC 2007 x86_64

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
Last login: Mon Oct  1 12:13:56 2007 from 192.168.0.11

No remote server desktop displayed

$ cat /var/log/auth.log | grep sshd | less
Code:

.....
......
Oct  1 09:04:32 ubuntu sshd[4931]: Accepted password for satimis from 192.168.0.11 port 39662 ssh2
Oct  1 09:04:32 ubuntu sshd[4933]: (pam_unix) session opened for user satimis by (uid=0)
Oct  1 09:07:44 ubuntu sshd[4933]: (pam_unix) session closed for user satimis
Oct  1 09:13:40 ubuntu sshd[4969]: Accepted password for satimis from 192.168.0.11 port 54941 ssh2
Oct  1 09:13:40 ubuntu sshd[4971]: (pam_unix) session opened for user satimis by (uid=0)
Oct  1 09:13:54 ubuntu sshd[4971]: (pam_unix) session closed for user satimis
Oct  1 10:48:24 ubuntu sshd[5458]: Accepted password for satimis from 192.168.0.11 port 51409 ssh2
Oct  1 10:48:24 ubuntu sshd[5460]: (pam_unix) session opened for user satimis by (uid=0)
Oct  1 10:48:42 ubuntu sshd[5460]: (pam_unix) session closed for user satimis
Oct  1 10:49:07 ubuntu sshd[5464]: Accepted password for satimis from 192.168.0.11 port 51410 ssh2
Oct  1 10:49:07 ubuntu sshd[5466]: (pam_unix) session opened for user satimis by (uid=0)
Oct  1 10:57:23 ubuntu sshd[5466]: (pam_unix) session closed for user satimis
Oct  1 10:57:45 ubuntu sshd[5472]: Accepted password for satimis from 192.168.0.11 port 35486 ssh2
Oct  1 10:57:45 ubuntu sshd[5474]: (pam_unix) session opened for user satimis by (uid=0)
Oct  1 10:58:05 ubuntu sshd[5474]: (pam_unix) session closed for user satimis
Oct  1 12:01:07 ubuntu sshd[5531]: Accepted password for satimis from 192.168.0.11 port 36854 ssh2
Oct  1 12:01:07 ubuntu sshd[5556]: (pam_unix) session opened for user satimis by (uid=0)
Oct  1 12:02:22 ubuntu sshd[5556]: (pam_unix) session closed for user satimis
Oct  1 12:12:45 ubuntu sshd[5588]: Accepted password for satimis from 192.168.0.11 port 58368 ssh2
Oct  1 12:12:45 ubuntu sshd[5590]: (pam_unix) session opened for user satimis by (uid=0)
Oct  1 12:13:38 ubuntu sshd[5590]: (pam_unix) session closed for user satimis
Oct  1 12:13:56 ubuntu sshd[5610]: Accepted password for satimis from 192.168.0.11 port 58369 ssh2
Oct  1 12:13:56 ubuntu sshd[5612]: (pam_unix) session opened for user satimis by (uid=0)
(END)

satimis

raskin 09-30-2007 11:44 PM

Looks like 'ssh satimis@192.168.0.10' gives you a shell where you can actually type.. OK, does 'ssh -X satimis@192.168.0.10' do the same? (Try waiting 65 seconds after entering password, there are different timeouts to expire) Is your $HOME writable by you and clear of unwritable hidden files?

satimis 10-01-2007 02:10 AM

Quote:

Originally Posted by raskin (Post 2908959)
Looks like 'ssh satimis@192.168.0.10' gives you a shell where you can actually type.. OK, does 'ssh -X satimis@192.168.0.10' do the same? (Try waiting 65 seconds after entering password, there are different timeouts to expire)

Oh I got it.

On desktop
$ ssh satimis@192.168.0.1
and
$ ssh -X satimis@192.168.0.1

both did the same, connecting to the remote server

$ ls
displayed the files and directories on the server.


However ran;

$ leafpad
and
$ rox
displaying
Code:

(leafpad:5800): Gtk-WARNING **: Locale not supported by C library.
        Using the fallback 'C' locale.

What does it mean?


Quote:

Is your $HOME writable by you and clear of unwritable hidden files?
Sorry I don't follow.

On server
$ ls -l
showing all files are owned by "satimis:satimis" and writable by their owner "-rw-r--r--"


B.R.
satimis

raskin 10-01-2007 03:53 AM

What do your $LC_ALL and $LANG on the server contain? Anyway, this should be ignorable - it is all about the impossibility of meeting your supposed country-specific tastes in data representation. It should start anyway. Does rox start when it is just run on the server? About writable $HOME - I meant both on desktop and server, but probably it isn't the issue. Is leafpad a window manager, by the way? I do not know, but there are some classes of X programs that need to be the only program of the kind on the $DISPLAY. So it may be the cause.. Try running Xnest with xterm in it, and experiment there, so you will not have conflicts.

satimis 10-01-2007 04:47 AM

Quote:

Originally Posted by raskin (Post 2909119)
What do your $LC_ALL and $LANG on the server contain? Anyway, this should be ignorable - it is all about the impossibility of meeting your supposed country-specific tastes in data representation. It should start anyway.

Where to check them? On locale/locale.conf?

Quote:

Does rox start when it is just run on server?
Yes, no problem.

Quote:

About writable $HOME - I meant both on desktop and server, but probably it isn't the issue.
Yes, no problem at all on both desktop PC and server.

Quote:

Is leafpad a window manager, by the way? I do not know, but there are some classes of X programs that need to be the only program of the kind on the $DISPLAY . So it may be the cause..
No, it is a GUI text editor. I'm running Fluxbox as window manager/desktop.

Previously both of them worked without problem on this server, which crashed before when I tried reinstalling "locale". Now this server is a fresh installation with the same packages. Before the crash, "Ubuntu 7.04 desktop" could connect to the server with "scp" and "ssh". Nothing has been touched on the desktop PC.

Quote:

Try running Xnest with xterm in it, and experiment there, so you will not have conflicts.
Sorry I don't follow. Is Xnest a package? I start xterm after starting X, the Fluxbox window manager.


B.R.
satimis

raskin 10-01-2007 05:30 AM

Check them just in console..
Code:

echo $LC_ALL ; echo $LANG
Try running
Code:

export LC_ALL=C; export LANG=C
also. Xnest part is irrelevant now. Try also
Code:

strace -f -o leafpad.strace leafpad
and post resulting leafpad.strace.

EDIT: and try running
Code:

xhost + 127.0.0.1
on desktop.

satimis 10-01-2007 05:46 AM

Quote:

Originally Posted by raskin (Post 2909170)
Check them just in console..
Code:

echo $LC_ALL ; echo $LANG
Try running
Code:

export LC_ALL=C; export LANG=C
also. Xnest part is irrelevant now. Try also
Code:

strace -f -o leafpad.strace leafpad
and post resulting leafpad.strace.

EDIT: and try running
Code:

xhost + 127.0.0.1
on desktop.

On server

$ echo $LC_ALL ; echo $LANG
Code:


en_US.UTF-8

$ export LC_ALL=C; export LANG=C
$ export LC_ALL=C ; export LANG=C
Both w/o printout.

$ strace -f -o leafpad.strace leafpad
leafpad started but w/o any printout on console.


On desktop
$ xhost + 127.0.0.1
Code:

127.0.0.1 being added to access control list
satimis

raskin 10-01-2007 01:25 PM

So does leafpad start after all this (if you repeat attempt after xhost on desktop)? If not, try 'strace' way again, wait a minute, terminate it and post leafpad.strace.

satimis 10-01-2007 10:35 PM

Quote:

Originally Posted by raskin (Post 2909586)
So does leafpad start after all this (if you repeat attempt after xhost on desktop)? If not, try 'strace' way again, wait a minute, terminate it and post leafpad.strace.

Sorry, I'm not clear on your advice. I don't have leafpad running on the desktop.


Performed the following steps:-

On server;
$ echo $LC_ALL ; echo $LANG
Code:


en_HK.UTF-8

This time not "en_US.UTF-8". I did not touch anything on locale config.


$ export LC_ALL=C ; export LANG=C
No complaint.

$ strace -f -o leafpad.strace leafpad
started leafpad locally.


On desktop;
$ xhost + 127.0.0.1
Code:

127.0.0.1 being added to access control list
$ echo $LC_ALL ; echo $LANG
Code:


en_HK.UTF-8

$ export LC_ALL=C ; export LANG=C
No complaint.

$ ssh -Y satimis@102.168.0.10 leafpad
Code:

satimis@192.168.0.10's password
It hung there for some time.

Then popup;
leafpad: cannot open display.


Remark: Rox, the file manager, is running on both server and desktop.


I found following mistake on server;

$ locale
Code:

locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
LANG=en_HK.UTF-8
LC_CTYPE="en_HK.UTF-8"
LC_NUMERIC="en_HK.UTF-8"
LC_TIME="en_HK.UTF-8"
LC_COLLATE="en_HK.UTF-8"
LC_MONETARY="en_HK.UTF-8"
LC_MESSAGES="en_HK.UTF-8"
LC_PAPER="en_HK.UTF-8"
LC_NAME="en_HK.UTF-8"
LC_ADDRESS="en_HK.UTF-8"
LC_TELEPHONE="en_HK.UTF-8"
LC_MEASUREMENT="en_HK.UTF-8"
LC_IDENTIFICATION="en_HK.UTF-8"
LC_ALL=

The first 3 lines are warnings. How to fix them? Tks


Edit:

Performed the following steps to fix the problem of the above warnings on the 3 lines mentioned;

$ sudo apt-get install language-pack-en-base
Code:

Reading package lists... Done
Building dependency tree     
Reading state information... Done
The following extra packages will be installed:
  language-pack-en
Recommended packages:
  language-support-en
The following NEW packages will be installed:
  language-pack-en language-pack-en-base
......
......
Setting up language-pack-en (7.04+20070601) ...
Setting up language-pack-en-base (7.04+20070412) ...
Generating locales...
  en_AU.UTF-8... done
  en_BW.UTF-8... done
  en_CA.UTF-8... done
  en_DK.UTF-8... done
  en_GB.UTF-8... done
  en_HK.UTF-8... done
  en_IE.UTF-8... done
  en_IN.UTF-8... done
  en_NZ.UTF-8... done
  en_PH.UTF-8... done
  en_SG.UTF-8... done
  en_US.UTF-8... up-to-date
  en_ZA.UTF-8... done
  en_ZW.UTF-8... done
Generation complete.

$ locale
Code:

LANG=C
LC_CTYPE="C"
LC_NUMERIC="C"
LC_TIME="C"
LC_COLLATE="C"
LC_MONETARY="C"
LC_MESSAGES="C"
LC_PAPER="C"
LC_NAME="C"
LC_ADDRESS="C"
LC_TELEPHONE="C"
LC_MEASUREMENT="C"
LC_IDENTIFICATION="C"
LC_ALL=C

(Remark: what command shall I run here instead of a reboot ?

$ sudo dpkg-reconfigure locales
??? Tks )

Rebooted server.


$ locale
Code:

LANG=en_HK.UTF-8
LC_CTYPE="en_HK.UTF-8"
LC_NUMERIC="en_HK.UTF-8"
LC_TIME="en_HK.UTF-8"
LC_COLLATE="en_HK.UTF-8"
LC_MONETARY="en_HK.UTF-8"
LC_MESSAGES="en_HK.UTF-8"
LC_PAPER="en_HK.UTF-8"
LC_NAME="en_HK.UTF-8"
LC_ADDRESS="en_HK.UTF-8"
LC_TELEPHONE="en_HK.UTF-8"
LC_MEASUREMENT="en_HK.UTF-8"
LC_IDENTIFICATION="en_HK.UTF-8"
LC_ALL=

The warnings on the 3 lines are gone.

$ echo $LC_ALL ; echo $LANG
Code:


en_HK.UTF-8

$ export LC_ALL=C ; export LANG=C
No complaint.

$ strace -f -o leafpad.strace leafpad
started leafpad


On desktop;

$ xhost + 127.0.0.1
Code:


127.0.0.1 being added to access control list

$ echo $LC_ALL ; echo $LANG
Code:


en_HK.UTF-8

$ export LC_ALL=C ; export LANG=C
No complaint.

$ ssh -Y satimis@192.168.0.10 leafpad
satimis@192.168.0.10's password

It just hung here for some time and then;
leafpad: cannot open display.


satimis

raskin 10-02-2007 07:29 AM

I mean
Code:

ssh -X satimis@192.168.0.10
strace -f -o leafpad.strace leafpad

Does it work and what does leafpad.strace contain?

satimis 10-02-2007 08:00 AM

Quote:

Originally Posted by raskin (Post 2910381)
I mean
Code:

ssh -X satimis@192.168.0.10
strace -f -o leafpad.strace leafpad

Does it work and what does leafpad.strace contain?

Repeated steps on server. No complaint found.


On desktop
$ xhost + 127.0.0.1
Code:

127.0.0.1 being added to access control list
$ ssh -X satimis@192.168.0.10 strace -f -o leaf.strace leafpad
satimis@192.168.0.10's password:
Code:


(leafpad:7467): Gtk-WARNING **: Locale not supported by C library.
        Using the fallback 'C' locale.

This is a locale problem, maybe of the perl script. I read many docs found by googling, but can't find my solution.


On running;
$ sudo /etc/init.d/httpd.vmware start
Code:


Starting httpd.vmware:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
        LANGUAGE = (unset),
        LC_ALL = (unset),
        LANG = "en_HK.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

A similar warning popped up.

$ sudo aptitude install locales

may solve my problem. I haven't tried it yet.


Previously I also suffered a locale problem on this server. I tried to fix the problem, resulting in the server finally crashing. This is a fresh installation, not complete yet. Therefore I have to proceed with caution.


satimis

raskin 10-02-2007 08:04 AM

Locale problems should be ignored. If you wait a minute, does window appear?

satimis 10-02-2007 10:29 AM

Quote:

Originally Posted by raskin (Post 2910420)
Locale problems should be ignored. If you wait a minute, does window appear?

Just repeated following steps. This time ran rox, the file manager, instead of leafpad.


On server:-

$ echo $LC_ALL ; echo $LANG
Code:


en_HK.UTF-8

$ export LC_ALL=C; export LANG=C
No complaint

$ strace -f -o rox.strace rox
Code:


(rox:4987): Gtk-WARNING **: Could not find the icon 'mime-text:plain'. The 'hicolor' theme
was not found either, perhaps you need to install it.
You can get a copy from:
        http://icon-theme.freedesktop.org/releases

Rox started, with the above warning printed on the console.


On desktop :-

$ xhost + 127.0.0.1
Code:

127.0.0.1 being added to access control list
$ ssh -X satimis@192.168.0.1 strace -f -o rox.strace rox
satimis@192.168.0.1's password
Code:


(process:4994): Gdk-Warning **: locale not supported by C library

(rox:4994): Gtk-Warning ** Locale not supported by C library.
        Using the fallback 'C' locale.

(rox:4994): Gtk-Warning ** cannot open display:

It waited for at least 3 minutes before the last line popped up.


satimis

raskin 10-02-2007 12:51 PM

Do you have $DISPLAY set on your desktop?

satimis 10-02-2007 09:26 PM

Quote:

Originally Posted by raskin (Post 2910755)
Do you have $DISPLAY set on your desktop?

Could you please explain in more detail? On the desktop, which file do I have to check and adjust? TIA


satimis

raskin 10-02-2007 10:02 PM

When I ask about $DISPLAY, I mean $DISPLAY environment variable. It can be viewed by
Code:

echo $DISPLAY
. I start to suspect that for some strange reason the $DISPLAY variable set by X on the desktop is not inherited by the shell you run ssh from.

satimis 10-02-2007 10:21 PM

Quote:

Originally Posted by raskin (Post 2911250)
When I ask about $DISPLAY, I mean $DISPLAY environment variable. It can be viewed by
Code:

echo $DISPLAY
. I start to suspect that for some strange reason the $DISPLAY variable set by X on the desktop is not inherited by the shell you run ssh from.

On desktop

$ echo $DISPLAY
Code:

:0.0
same as on server

raskin 10-03-2007 02:12 PM

And on server through ssh?

satimis 10-03-2007 08:11 PM

Quote:

Originally Posted by raskin (Post 2912085)
And on server through ssh?

Yes, it works seamlessly with remote rox displayed locally.


Performed further 2 tests:-


1)
Test-1

a)
server to another desktop F7 on 192.168.0.12

$ ssh -Y satimis@192.168.0.12 nautilus

It worked w/o problem with remote nautilus displayed locally.


b)
desktop F7 to server

$ ssh -Y satimis@192.168.0.10 rox

with the same result: unable to display remote rox locally. The server can be ssh-connected.



2)
Test-2

Installed localeconf on server.

$ cat /etc/environment
Code:

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"
LANG="en_US.UTF-8"
### BEGIN DEBCONF SECTION FOR localeconf
# Do not edit within this region if you want your changes to be preserved
# by debconf.  Instead, make changes before the "### BEGIN DEBCONF SECTION
# FOR localeconf" line, and/or after the "### END DEBCONF SECTION FOR
# localeconf" line.
LANG=C
### END DEBCONF SECTION FOR localeconf

LANG=C added.


$ sudo /etc/init.d/httpd.vmware start
Code:

Starting httpd.vmware:
the problem on starting VMWare solved.


After rebooting the server and running;

$ sudo /etc/init.d/httpd.vmware start
Code:

Password:
Starting httpd.vmware:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
        LANGUAGE = (unset),
        LC_ALL = (unset),
        LANG = "en_HK.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

VMWare failed to start.

I have to run;
$ export LC_ALL="C"
No complaint.

$ sudo /etc/init.d/httpd.vmware start
Code:

Starting httpd.vmware:
then it worked again. Where shall I check? TIA


satimis

raskin 10-03-2007 09:33 PM

"On server through SSH" - I meant, what is in $DISPLAY when you 'ssh -X' from client to server and check inside ssh session.
About VMWare - what is your goal? To defeat chaos or to have it running? In the latter case I think that setting the environment variable at the beginning of the script will be enough (perl should work somehow, and the script itself will not be able to tell the difference once the variable is set)

satimis 10-03-2007 10:25 PM

Quote:

Originally Posted by raskin (Post 2912488)
"On server through SSH" - I meant, what is in $DISPLAY when you 'ssh -X' from client to server and check inside ssh session.

On the server, I repeated the following steps:-

$ echo $LC_ALL ; echo $LANG
Code:



en_HK.UTF-8

$ export LC_ALL=C; export LANG=C
No complaint

$ echo $DISPLAY
Code:

:0.0
$ strace -f -o rox.strace rox
started the rox window


On desktop:-

$ ssh -X satimis@192.168.0.10
server connected. "ls" displayed remote data locally

$ echo $DISPLAY
Code:

localhost:10:0
It displays different output compared with that run on server?


Quote:

About VMWare - what is your goal? To defeat chaos or to have it running? In the latter case I think that setting the environment variable at the beginning of the script will be enough (perl should work somehow, and the script itself will not be able to tell the difference once the variable is set)
I'm building a virtual machine on this server. Midway I needed to transfer some files from the server to the desktop PC for storage and found the ssh problem. Before the server crashed (this is a new installation, not completed yet - 2nd round of building the virtual machine), ssh worked both ways, with X forwarded. The only problem was the same file manager being needed for transferring files with drag-n-drop. That is the whole story.


$ perl -version
Code:


This is perl, v5.8.8 built for x86_64-linux-gnu-thread-multi

Copyright 1987-2006, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.


satimis

satimis 10-05-2007 12:06 AM

Cause of problem found
 
Hi raskin,


I found the cause of problem. It is the firewall "iptables" which stops X forwarding.

On server after running;
$ sudo iptables -F


On desktop;
$ ssh -X satimis@192.168.0.10 rox
Code:

satimis@192.168.0.10's password:

(process:5282): Gdk-WARNING **: locale not supported by C library

(rox:5282): Gtk-WARNING **: Locale not supported by C library.
        Using the fallback 'C' locale.

(rox:5285): Gtk-WARNING **: Could not find the icon 'mime-text:plain'. The 'hicolor' theme
was not found either, perhaps you need to install it.
You can get a copy from:
        http://icon-theme.freedesktop.org/releases

(leafpad:5286): Gtk-WARNING **: Locale not supported by C library.
        Using the fallback 'C' locale.

(leafpad:5287): Gtk-WARNING **: Locale not supported by C library.
        Using the fallback 'C' locale.

remote rox displayed locally. Files can be invoked. I don't know why it displays a misleading warning there, fooling us.


Before the server crashed I ran another firewall script. I'm now running the following script;
$ cat /etc/rc.local
Code:

#
# INPUT
#

# allow all incoming traffic from the management interface NIC
# as long as it is a part of an established connection
iptables -I INPUT 1 -j ACCEPT -d MGMT_NIC_IP -m state --state RELATED,ESTABLISHED

# allow all ssh traffic to the management interface NIC
iptables -I INPUT 2 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 22

# allow all VMware MUI HTTP traffic to the management interface NIC
iptables -I INPUT 3 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8222

# allow all VMware MUI HTTPS traffic to the management interface NIC
iptables -I INPUT 4 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8333

# allow all VMware Authorization Daemon traffic to the management interface NIC
iptables -I INPUT 5 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 902

# reject all other traffic to the management interface NIC
iptables -I INPUT 6 -j REJECT -d MGMT_NIC_IP --reject-with icmp-port-unreachable


#
# OUTPUT
#

# allow all outgoing traffic from the management interface NIC
# if it is a part of an established connection
iptables -I OUTPUT 1 -j ACCEPT -s MGMT_NIC_IP -m state --state RELATED,ESTABLISHED

# allow all DNS queries from the management interface NIC
iptables -I OUTPUT 2 -j ACCEPT -s MGMT_NIC_IP -p UDP --destination-port 53

# reject all other traffic from localhost
iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable

# reject all other traffic from the management interface NIC
iptables -I OUTPUT 4 -j REJECT -s MGMT_NIC_IP --reject-with icmp-port-unreachable

MGMT_NIC_IP = server_IP


On server;

Restart iptables
$ sudo /etc/rc.local restart
No complaint

On desktop running
$ ssh -X satimis@server_IP rox
Code:

ssh: connect to host server_IP port 22: Connection refused
$ ssh -X server_IP
Code:

ssh: connect to host server_IP port 22: Connection refused
It did not work


Again on server
$ sudo nano /etc/ssh/sshd_config
adding "ListenAddress 192.168.0.11" (router IP)

$ cat /etc/ssh/sshd_config
Code:

....
Port 22
ListenAddress 192.168.0.10
ListenAddress 192.168.0.11
....

$ sudo /etc/init.d/ssh restart


Again on desktop
$ ssh -X satimis@server_IP rox
Code:

ssh: connect to host server_IP port 22: Connection refused
$ ssh -X server_IP
Code:

ssh: connect to host server_IP port 22: Connection refused
Problem still there. Any advice?

TIA


satimis

raskin 10-05-2007 12:27 AM

Well, the warnings were not misleading for me - I knew they had nothing to do with the problem. About iptables - did you check which rules take precedence in iptables, first specified or last specified? About VMWare - so does creating a shell script 'httpd.vmware' with contents
Code:

export LC_ALL=C ; export LANG=C; perl httpd.vmware.perl
help?
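The rc.local script posted above, and raskin's question about rule order, are what this added diagnostic (not code from the thread or from the VMware guide it follows) is for: it maps the DISPLAY seen inside an ssh -X session to the loopback port sshd listens on, walks an iptables-save dump in rule order to see whether a connection to that port would be accepted, and shows the same rules with the loopback ACCEPT they are missing. It assumes POSIX sh with awk; the 192.168.0.10 address and the abridged rules come from the thread, while the iptables-save rendering itself is constructed.

```shell
#!/bin/sh
# x11fwd-check.sh: why does a forwarded X client say "cannot open display"?
# Added example for this thread, not code from the original posts. Needs
# POSIX sh and awk; iptables-save (as root) only for the "--live" mode.
# Inside an "ssh -X" session DISPLAY is localhost:N.0 and sshd listens on
# 127.0.0.1:(6000+N), so the X client opens a TCP connection from 127.0.0.1
# to 127.0.0.1:(6000+N) that must pass the server's OUTPUT and INPUT chains.
# "-I OUTPUT 3 -j REJECT -s 127.0.0.1" with no earlier "-o lo -j ACCEPT"
# rejects exactly that connection, which matches what the thread observed.

# Print the TCP port behind a DISPLAY string (localhost:10.0 -> 6010).
# Returns 1 for a Unix-socket display such as ":0.0" (no TCP port involved).
display_tcp_port() {
    case $1 in
        :*|'') return 1 ;;          # empty host part: local Unix socket
        *:*)   ;;
        *)     return 1 ;;
    esac
    num=${1#*:}; num=${num%%.*}     # "10.0" -> "10"
    case $num in ''|*[!0-9]*) return 1 ;; esac
    echo $((6000 + num))
}

# Simulate a new loopback TCP connection to 127.0.0.1:$1 against iptables-save
# (or "iptables -S") text on stdin: prints the verdict of OUTPUT and INPUT and
# returns 1 if either would REJECT or DROP it. Only plain matches are understood
# (-i/-o, -s/-d, -p, --dport, --state/--ctstate); a rule with any other match
# is treated as not matching, so read the printed rule, not just the verdict.
check_loopback_rules() {
    awk -v port="$1" '
    function matches(n,    i, a, v, ok) {
        ok = 1
        for (i = 3; i <= n; i++) {
            a = $i; v = $(i + 1)
            if (a == "-j")                      { verdict = v; i++ }
            else if (a == "-i" || a == "-o")    { if (v != "lo") ok = 0; i++ }
            else if (a == "-s" || a == "-d")    { if (v !~ /^127\.0\.0\.(1(\/32)?|0\/8)$/) ok = 0; i++ }
            else if (a == "-p")                 { if (tolower(v) != "tcp") ok = 0; i++ }
            else if (a == "--dport" || a == "--destination-port") { if (v != port) ok = 0; i++ }
            else if (a == "--state" || a == "--ctstate") { if (v !~ /NEW/) ok = 0; i++ }
            else if (a == "-m" || a == "--reject-with") { i++ }   # module name / target option
            else                                { ok = 0 }        # "!" or an unknown match
        }
        return ok
    }
    /^\*/ { table = substr($1, 2) }                 # iptables-save table header
    /^:(INPUT|OUTPUT) / { policy[substr($1, 2)] = $2 }
    /^-P (INPUT|OUTPUT) / { policy[$2] = $3 }
    /^-A (INPUT|OUTPUT) / && (table == "" || table == "filter") {
        verdict = ""                                # first terminating match wins
        if (!($2 in decided) && matches(NF) && verdict ~ /^(ACCEPT|DROP|REJECT)$/) {
            decided[$2] = verdict; rule[$2] = $0
        }
    }
    END {
        bad = 0
        split("OUTPUT INPUT", chains, " ")
        for (c = 1; c <= 2; c++) {
            ch = chains[c]
            if (ch in decided) { v = decided[ch]; why = rule[ch] }
            else { v = (ch in policy) ? policy[ch] : "ACCEPT"; why = "chain policy" }
            printf "%s: %s  <- %s\n", ch, v, why
            if (v != "ACCEPT") bad = 1
        }
        exit bad
    }'
}

# Constructed iptables-save rendering (abridged: VMware ports left out) of the
# rc.local script posted in this thread with MGMT_NIC_IP=192.168.0.10. The
# "-I" commands with positions 1..6 leave the rules in the posted order;
# "sample_rules fixed" adds the loopback ACCEPT rules the original lacks.
sample_rules() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    if [ "${1:-}" = fixed ]; then
        echo '-A INPUT -i lo -j ACCEPT'
        echo '-A OUTPUT -o lo -j ACCEPT'
    fi
    echo '-A INPUT -d 192.168.0.10/32 -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo '-A INPUT -d 192.168.0.10/32 -p tcp -m tcp --dport 22 -j ACCEPT'
    echo '-A INPUT -d 192.168.0.10/32 -j REJECT --reject-with icmp-port-unreachable'
    echo '-A OUTPUT -s 192.168.0.10/32 -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo '-A OUTPUT -s 192.168.0.10/32 -p udp -m udp --dport 53 -j ACCEPT'
    echo '-A OUTPUT -s 127.0.0.1/32 -j REJECT --reject-with icmp-port-unreachable'
    echo '-A OUTPUT -s 192.168.0.10/32 -j REJECT --reject-with icmp-port-unreachable'
    echo 'COMMIT'
}

case ${1:-} in
    --demo)
        echo '== rules as posted ==';      sample_rules | check_loopback_rules 6010
        echo '== with loopback ACCEPT =='; sample_rules fixed | check_loopback_rules 6010 ;;
    --live)   # inside the ssh -X session on the server, as root
        port=$(display_tcp_port "${DISPLAY:-}") ||
            { echo "DISPLAY='${DISPLAY:-}' is not a TCP display: no forwarding in effect"; exit 1; }
        echo "X client will connect to 127.0.0.1:$port"
        iptables-save | check_loopback_rules "$port" ;;
esac
```

Run with `--demo` to see the posted rules rejecting the X client's connection in OUTPUT and the fixed set accepting it; `--live` repeats the check against the running ruleset.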

satimis 10-05-2007 02:37 AM

Quote:

Originally Posted by raskin (Post 2913852)
About iptables - did you check which rules take precedence in iptables, first specified or last specified?

Nothing else. The content listed in my previous posting is the complete script in /etc/rc.local.

I created an executable file at /etc/network/if-up.d/iptables.start
and copied the complete script into the file. Each time the network starts, iptables starts as well.


Quote:

About VMWare - so does creating a shell script 'httpd.vmware' with contents
Code:

export LC_ALL=C ; export LANG=C; perl httpd.vmware.perl
help?
Your advice, with minor modification, then works. Thanks

$ sudo /etc/init.d/httpd.vmware start
Code:

Password:
Can't open perl script "httpd.vmware.perl": No such file or directory
Starting httpd.vmware:


After deleting "perl httpd.vmware.perl"
$ sudo /etc/init.d/httpd.vmware start
Code:

Password:
Starting httpd.vmware:


What are you trying to do with that phrase?


B.R.
satimis

raskin 10-05-2007 03:02 AM

I meant that you move the old httpd.vmware perl script to httpd.vmware.perl
About precedence - you issue multiple commands for every chain. Are you sure about the order?

satimis 10-05-2007 03:29 AM

Quote:

Originally Posted by raskin (Post 2913965)
you issue multiple commands for every chain. Are you sure about the order?

I'm following;
How to configure and secure Linux for VMware
http://searchservervirtualization.te...242833,00.html


building this Virtual machine for testing. I haven't modified the script.


satimis

raskin 10-05-2007 04:27 AM

Is there anything interesting in dmesg?

satimis 10-05-2007 09:37 AM

Quote:

Originally Posted by raskin (Post 2914020)
Is there anything interesting in dmesg?

$ dmesg
Code:

- snip -

It seems nothing irregular. Most of its content relates to hardware.


satimis

raskin 10-05-2007 02:31 PM

And if you run tcpdump or wireshark on desktop, what does it say about icmp traffic or port 22 traffic?

satimis 10-05-2007 08:03 PM

Quote:

Originally Posted by raskin (Post 2914559)
And if you run tcpdump or wireshark on desktop, what does it say about icmp traffic or port 22 traffic?

$ tcpdump
Code:

tcpdump: no suitable device found
$ which tcpdump
Code:

/usr/sbin/tcpdump
$ wireshark
Code:

The program 'wireshark' is currently not installed.  You can install it by typing:
sudo apt-get install wireshark
Make sure you have the 'universe' component enabled
bash: wireshark: command not found


raskin 10-05-2007 09:46 PM

What is your network interface called? Run 'tcpdump -i <interface name>'. It would also be interesting to run it on client and on server and compare.. Also post output of 'netstat -nlp' on server.

satimis 10-05-2007 11:21 PM

Quote:

Originally Posted by raskin (Post 2914900)
What is your network interface called? Run 'tcpdump -i <interface name>'. It would also be interesting to run it on client and on server and compare.. Also post output of 'netstat -nlp' on server.

On server


$ ifconfig
Code:

eth0      Link encap:Ethernet  HWaddr 00:0E:A6:F9:A3:5B 
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20e:a6ff:fef9:a35b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:225434 errors:0 dropped:0 overruns:0 frame:0
          TX packets:124933 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:328274339 (313.0 MiB)  TX bytes:9187159 (8.7 MiB)
          Interrupt:21 Base address:0xc000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

vmnet1    Link encap:Ethernet  HWaddr 00:50:56:C0:00:01 
          inet addr:172.16.77.1  Bcast:172.16.77.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

vmnet8    Link encap:Ethernet  HWaddr 00:50:56:C0:00:08 
          inet addr:192.168.213.1  Bcast:192.168.213.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


$ sudo tcpdump -i eth0
Code:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:59:20.104418 IP 74.174.92.64.static.reverse.ltdomains.com.www > 192.168.0.10.36784: . 3214138345:3214139797(1452) ack 4200607416 win 27
11:59:20.104454 IP 192.168.0.10.36784 > 74.174.92.64.static.reverse.ltdomains.com.www: . ack 10164 win 21825
11:59:20.104920 IP 192.168.0.10.32807 > ns1.pacific.net.hk.domain:  51921+ PTR? 10.0.168.192.in-addr.arpa. (43)
11:59:20.111812 IP 74.174.92.64.static.reverse.ltdomains.com.www > 192.168.0.10.36784: . 1452:2904(1452) ack 1 win 27
11:59:20.111831 IP 192.168.0.10.36784 > 74.174.92.64.static.reverse.ltdomains.com.www: . ack 10164 win 21825
11:59:20.119006 IP 74.174.92.64.static.reverse.ltdomains.com.www > 192.168.0.10.36784: . 2904:4356(1452) ack 1 win 27
11:59:20.119014 IP 192.168.0.10.36784 > 74.174.92.64.static.reverse.ltdomains.com.www: . ack 10164 win 21825
11:59:20.142103 IP ns1.pacific.net.hk.domain > 192.168.0.10.32807:  51921 NXDomain 0/1/0 (120)
11:59:20.142220 IP 192.168.0.10.32807 > ns1.pacific.net.hk.domain:  26816+ PTR? 74.174.92.64.in-addr.arpa. (43)
11:59:20.170643 IP ns1.pacific.net.hk.domain > 192.168.0.10.32807:  26816 2/3/3[|domain]
11:59:20.170791 IP 192.168.0.10.32807 > ns1.pacific.net.hk.domain:  5301+ PTR? 4.67.14.202.in-addr.arpa. (42)
11:59:20.192385 IP ns1.pacific.net.hk.domain > 192.168.0.10.32807:  5301* 1/2/2 PTR[|domain]
11:59:20.360706 IP 74.174.92.64.static.reverse.ltdomains.com.www > 192.168.0.10.36784: . 10164:11616(1452) ack 1 win 27
11:59:20.360741 IP 192.168.0.10.36784 > 74.174.92.64.static.reverse.ltdomains.com.www: . ack 18876 win 21553
11:59:20.368352 IP 74.174.92.64.static.reverse.ltdomains.com.www > 192.168.0.10.36784: . 11616:13068(1452) ack 1 win 27
11:59:20.368385 IP 192.168.0.10.36784 > 74.174.92.64.static.reverse.ltdomains.com.www: . ack 18876 win 21553
11:59:20.375955 IP 74.174.92.64.static.reverse.ltdomains.com.www > 192.168.0.10.36784: P 13068:14520(1452) ack 1 win 27
11:59:20.375988 IP 192.168.0.10.36784 > 74.174.92.64.static.reverse.ltdomains.com.www: . ack 18876 win 21553

18 packets captured
18 packets received by filter
0 packets dropped by kernel

It is difficult to compare. They are running.


$ netstat -nlp
Code:

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name 
tcp        0      0 127.0.0.1:3306          0.0.0.0:*              LISTEN    -                 
tcp        0      0 0.0.0.0:80              0.0.0.0:*              LISTEN    -                 
tcp        0      0 192.168.213.1:53        0.0.0.0:*              LISTEN    -                 
tcp        0      0 172.16.77.1:53          0.0.0.0:*              LISTEN    -                 
tcp        0      0 192.168.0.10:53        0.0.0.0:*              LISTEN    -                 
tcp        0      0 127.0.0.1:53            0.0.0.0:*              LISTEN    -                 
tcp        0      0 192.168.0.10:22        0.0.0.0:*              LISTEN    -                 
tcp        0      0 127.0.0.1:953          0.0.0.0:*              LISTEN    -                 
tcp6      0      0 :::53                  :::*                    LISTEN    -                 
tcp6      0      0 ::1:953                :::*                    LISTEN    -                 
udp        0      0 0.0.0.0:32769          0.0.0.0:*                          -                 
udp        0      0 0.0.0.0:514            0.0.0.0:*                          -                 
udp        0      0 192.168.213.1:53        0.0.0.0:*                          -                 
udp        0      0 172.16.77.1:53          0.0.0.0:*                          -                 
udp        0      0 192.168.0.10:53        0.0.0.0:*                          -                 
udp        0      0 127.0.0.1:53            0.0.0.0:*                          -                 
udp6      0      0 :::32771                :::*                              -                 
udp6      0      0 :::53                  :::*                              -                 
raw        0      0 0.0.0.0:1              0.0.0.0:*              7          -                 
Active UNIX domain sockets (only servers)
Proto RefCnt Flags      Type      State        I-Node PID/Program name    Path
unix  2      [ ACC ]    STREAM    LISTENING    13964    -                  /tmp/.font-unix/fs7100
unix  2      [ ACC ]    STREAM    LISTENING    14384    -                  /tmp/.X11-unix/X0
unix  2      [ ACC ]    STREAM    LISTENING    14085    -                  /var/run/vmnat.4737
unix  2      [ ACC ]    STREAM    LISTENING    14483    4927/scim-launcher  /tmp/scim-socket-frontend-satimis
unix  2      [ ACC ]    STREAM    LISTENING    14502    4930/scim-helper-ma /tmp/scim-helper-manager-socket-satimis
unix  2      [ ACC ]    STREAM    LISTENING    14506    4931/scim-panel-gtk /tmp/scim-panel-socket:0-satimis
unix  2      [ ACC ]    STREAM    LISTENING    14105    -                  /var/run/vmware/root/4742/server-fd
unix  2      [ ACC ]    STREAM    LISTENING    14107    -                  /var/run/vmware/root/4742/vmx-fd
unix  2      [ ACC ]    STREAM    LISTENING    14109    -                  /var/run/vmware/root/4742/server-vcvmdb-fd
unix  2      [ ACC ]    STREAM    LISTENING    14111    -                  /var/run/vmware/root/4742/server-vmdb-fd
unix  2      [ ACC ]    STREAM    LISTENING    14113    -                  /var/run/vmware/root/4742/server-vmxvmdb-fd
unix  2      [ ACC ]    STREAM    LISTENING    14115    -                  /var/run/vmware/root/4742/nfc-fd
unix  2      [ ACC ]    STREAM    LISTENING    14117    -                  /var/run/vmware/root/4742/fsserver-fd
unix  2      [ ACC ]    STREAM    LISTENING    13700    -                  /var/run/mysqld/mysqld.sock
unix  2      [ ACC ]    STREAM    LISTENING    14788    4961/npviewer.bin  @/org/wrapper/NSPlugins/libflashplayer.so/4922-2


On desktop


$ ifconfig
Code:

eth0      Link encap:Ethernet  HWaddr 00:07:40:82:68:14 
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::207:40ff:fe82:6814/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:210 errors:0 dropped:0 overruns:0 frame:0
          TX packets:216 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:247388 (241.5 KiB)  TX bytes:20543 (20.0 KiB)
          Interrupt:10 Base address:0x4000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:100 (100.0 b)  TX bytes:100 (100.0 b)


$ sudo tcpdump -i eth0
Code:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:56:58.113680 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 943794033:943795473(1440) ack 3710448015 win 319 <nop,nop,timestamp 148301279 153874>
11:56:58.115476 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain:  63814+ PTR? 11.0.168.192.in-addr.arpa. (43)
11:56:58.151708 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 1440 win 24576 <nop,nop,timestamp 153969 148301279>
11:56:58.181022 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 1440:2880(1440) ack 1 win 319 <nop,nop,timestamp 148301296 153891>
11:56:58.286172 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 4320:5760(1440) ack 1 win 319 <nop,nop,timestamp 148301326 153921>
11:56:58.286250 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154002 148301296,nop,nop,sack 1 {4320:5760}>
11:56:58.361805 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 5760:7200(1440) ack 1 win 319 <nop,nop,timestamp 148301343 153938>
11:56:58.361878 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154021 148301296,nop,nop,sack 1 {4320:7200}>
11:56:58.369192 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 7200:8640(1440) ack 1 win 319 <nop,nop,timestamp 148301345 153940>
11:56:58.369259 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154023 148301296,nop,nop,sack 1 {4320:8640}>
11:56:58.391616 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 8640:10080(1440) ack 1 win 319 <nop,nop,timestamp 148301347 153942>
11:56:58.391694 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154029 148301296,nop,nop,sack 1 {4320:10080}>
11:56:58.391795 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773:  63814 NXDomain 0/1/0 (120)
11:56:58.393307 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain:  9036+ PTR? 139.8.112.140.in-addr.arpa. (44)
11:56:58.490626 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 10080:11520(1440) ack 1 win 319 <nop,nop,timestamp 148301374 153969>
11:56:58.490706 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154053 148301296,nop,nop,sack 1 {4320:11520}>
11:56:58.498210 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 11520:12960(1440) ack 1 win 319 <nop,nop,timestamp 148301374 153969>
11:56:58.498239 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154055 148301296,nop,nop,sack 1 {4320:12960}>
11:56:58.611255 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 12960:14400(1440) ack 1 win 319 <nop,nop,timestamp 148301407 154002>
11:56:58.611331 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154083 148301296,nop,nop,sack 1 {4320:14400}>
11:56:58.618690 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 14400:15840(1440) ack 1 win 319 <nop,nop,timestamp 148301407 154002>
11:56:58.618717 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154085 148301296,nop,nop,sack 1 {4320:15840}>
11:56:58.649224 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773:  9036 1/2/2 (147)
11:56:58.656162 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain:  4004+ PTR? 4.67.14.202.in-addr.arpa. (42)
11:56:58.702885 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 15840:17280(1440) ack 1 win 319 <nop,nop,timestamp 148301426 154021>
11:56:58.702957 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 2880 win 24255 <nop,nop,timestamp 154106 148301296,nop,nop,sack 1 {4320:17280}>
11:56:58.710520 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 2880:4320(1440) ack 1 win 319 <nop,nop,timestamp 148301428 154023>
11:56:58.710593 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 17280 win 21366 <nop,nop,timestamp 154108 148301428>
11:56:58.838844 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 17280:18720(1440) ack 1 win 319 <nop,nop,timestamp 148301458 154053>
11:56:58.838916 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 18720 win 24255 <nop,nop,timestamp 154140 148301458>
11:56:58.899150 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773:  4004* 1/2/2 PTR[|domain]
11:56:58.937837 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 18720:20160(1440) ack 1 win 319 <nop,nop,timestamp 148301489 154083>
11:56:58.937906 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 20160 win 24255 <nop,nop,timestamp 154165 148301489>
11:56:59.020595 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 20160:21600(1440) ack 1 win 319 <nop,nop,timestamp 148301512 154106>
11:56:59.020664 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 21600 win 24255 <nop,nop,timestamp 154186 148301512>
11:56:59.028208 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 21600:23040(1440) ack 1 win 319 <nop,nop,timestamp 148301513 154108>
11:56:59.028269 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 23040 win 24255 <nop,nop,timestamp 154188 148301513>
11:56:59.156032 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 23040:24480(1440) ack 1 win 319 <nop,nop,timestamp 148301545 154140>
11:56:59.156106 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 24480 win 24255 <nop,nop,timestamp 154220 148301545>
11:56:59.163945 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 24480:25920(1440) ack 1 win 319 <nop,nop,timestamp 148301545 154140>
11:56:59.164009 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 25920 win 24255 <nop,nop,timestamp 154222 148301545>
11:56:59.254093 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 25920:27360(1440) ack 1 win 319 <nop,nop,timestamp 148301570 154165>
11:56:59.254163 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 27360 win 24255 <nop,nop,timestamp 154244 148301570>
11:56:59.344711 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 27360:28800(1440) ack 1 win 319 <nop,nop,timestamp 148301591 154186>
11:56:59.344786 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 28800 win 24255 <nop,nop,timestamp 154267 148301591>
11:56:59.352339 IP linux3.cc.ntu.edu.tw.www > ubuntu704.local.35926: . 28800:30240(1440) ack 1 win 319 <nop,nop,timestamp 148301593 154188>
11:56:59.352403 IP ubuntu704.local.35926 > linux3.cc.ntu.edu.tw.www: . ack 30240 win 24255 <nop,nop,timestamp 154269 148301593>

47 packets captured
47 packets received by filter
0 packets dropped by kernel


$ netstat -nlp
Code:

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name 
tcp        0      0 127.0.0.1:2208          0.0.0.0:*              LISTEN    -                 
tcp        0      0 127.0.0.1:631          0.0.0.0:*              LISTEN    -                 
tcp        0      0 127.0.0.1:2207          0.0.0.0:*              LISTEN    -                 
tcp6      0      0 :::22                  :::*                    LISTEN    -                 
udp        0      0 0.0.0.0:32768          0.0.0.0:*                          -                 
udp        0      0 0.0.0.0:68              0.0.0.0:*                          -                 
udp        0      0 0.0.0.0:5353            0.0.0.0:*                          -                 
Active UNIX domain sockets (only servers)
Proto RefCnt Flags      Type      State        I-Node PID/Program name    Path
unix  2      [ ACC ]    STREAM    LISTENING    17323    5272/nm-applet      /tmp/orbit-satimis/linc-1498-0-25d9837cbf8d5
unix  2      [ ACC ]    STREAM    LISTENING    17334    5268/update-notifie /tmp/orbit-satimis/linc-1494-0-72698582d1802
unix  2      [ ACC ]    STREAM    LISTENING    17347    5274/gnome-power-ma /tmp/orbit-satimis/linc-1497-0-25d9837d6d69
unix  2      [ ACC ]    STREAM    LISTENING    17375    5273/gnome-cups-ico /tmp/orbit-satimis/linc-1499-0-79ef35aba97f5
unix  2      [ ACC ]    STREAM    LISTENING    17393    5270/evolution-alar /tmp/orbit-satimis/linc-1496-0-2bd45ed495e7c
unix  2      [ ACC ]    STREAM    LISTENING    17406    5260/bonobo-activat /tmp/orbit-satimis/linc-148c-0-2635cbef1b4f5
unix  2      [ ACC ]    STREAM    LISTENING    17444    5295/evolution-data /tmp/orbit-satimis/linc-14af-0-4f19743de23f3
unix  2      [ ACC ]    STREAM    LISTENING    17846    5313/mapping-daemon /tmp/mapping-satimis
unix  2      [ ACC ]    STREAM    LISTENING    17869    5306/evolution-exch /tmp/orbit-satimis/linc-14ba-0-3887047a5c253
unix  2      [ ACC ]    STREAM    LISTENING    17912    5323/trashapplet    /tmp/orbit-satimis/linc-14cb-0-2a63d799c6fbb
unix  2      [ ACC ]    STREAM    LISTENING    17956    5362/mixer_applet2  /tmp/orbit-satimis/linc-14f2-0-feafdaa52e24
unix  2      [ ACC ]    STREAM    LISTENING    15815    -                  @/tmp/dbus-456emqdufC
unix  2      [ ACC ]    STREAM    LISTENING    18144    5386/gnome-screensa /tmp/orbit-satimis/linc-1509-0-16e2adddd799d
unix  2      [ ACC ]    STREAM    LISTENING    18158    5394/scim-launcher  /tmp/scim-socket-frontend-satimis
unix  2      [ ACC ]    STREAM    LISTENING    18177    5397/scim-helper-ma /tmp/scim-helper-manager-socket-satimis
unix  2      [ ACC ]    STREAM    LISTENING    18181    5398/scim-panel-gtk /tmp/scim-panel-socket:0-satimis
unix  2      [ ACC ]    STREAM    LISTENING    18199    5401/notification-d /tmp/orbit-satimis/linc-1519-0-34881d53b0dd1
unix  2      [ ACC ]    STREAM    LISTENING    18230    5409/python2.5      /tmp/orbit-satimis/linc-1521-0-692f675b58b69
unix  2      [ ACC ]    STREAM    LISTENING    18269    5447/gksu          /tmp/orbit-satimis/linc-1547-0-69b78cca930d6
unix  2      [ ACC ]    STREAM    LISTENING    18298    -                  /tmp/scim-socket-frontend-root
unix  2      [ ACC ]    STREAM    LISTENING    18317    -                  /tmp/scim-helper-manager-socket-root
unix  2      [ ACC ]    STREAM    LISTENING    18321    -                  /tmp/scim-panel-socket:0-root
unix  2      [ ACC ]    STREAM    LISTENING    14685    -                  /var/run/dbus/system_bus_socket
unix  2      [ ACC ]    STREAM    LISTENING    18345    5472/gnome-terminal /tmp/orbit-satimis/linc-1560-0-641288d3718e0
unix  2      [ ACC ]    STREAM    LISTENING    18427    5521/gedit          /tmp/orbit-satimis/linc-1591-0-6ff0d7dc77c3a
unix  2      [ ACC ]    STREAM    LISTENING    18431    5521/gedit          /tmp/gedit.satimis.4046069457
unix  2      [ ACC ]    STREAM    LISTENING    14441    -                  /var/run/acpid.socket
unix  2      [ ACC ]    STREAM    LISTENING    15982    -                  /var/run/gdm_socket
unix  2      [ ACC ]    STREAM    LISTENING    14706    -                  @/var/run/hald/dbus-3wunxxWvKY
unix  2      [ ACC ]    STREAM    LISTENING    15765    -                  /var/run/avahi-daemon/socket
unix  2      [ ACC ]    STREAM    LISTENING    16543    -                  /var/run/sdp
unix  2      [ ACC ]    STREAM    LISTENING    14703    -                  @/var/run/hald/dbus-zfHHTaMCoc
unix  2      [ ACC ]    STREAM    LISTENING    18611    -                  /var/run/cups/cups.sock
unix  2      [ ACC ]    STREAM    LISTENING    16034    -                  /tmp/.X11-unix/X0
unix  2      [ ACC ]    STREAM    LISTENING    16784    -                  /tmp/ssh-OySboc5184/agent.5184
unix  2      [ ACC ]    STREAM    LISTENING    16815    5231/gconfd-2      /tmp/orbit-satimis/linc-146f-0-6d44a99fc1cad
unix  2      [ ACC ]    STREAM    LISTENING    16825    5184/x-session-mana /tmp/orbit-satimis/linc-1440-0-555f0501dae6f
unix  2      [ ACC ]    STREAM    LISTENING    17037    5184/x-session-mana /tmp/.ICE-unix/5184
unix  2      [ ACC ]    STREAM    LISTENING    17046    5234/gnome-keyring- /tmp/keyring-EafH5k/socket
unix  2      [ ACC ]    STREAM    LISTENING    16795    5229/dbus-daemon    @/tmp/dbus-K28IL42Sto
unix  2      [ ACC ]    STREAM    LISTENING    17067    5236/gnome-settings /tmp/orbit-satimis/linc-1474-0-266dabdfbf612
unix  2      [ ACC ]    STREAM    LISTENING    17095    5244/esd            /tmp/.esd-1000/socket
unix  2      [ ACC ]    STREAM    LISTENING    17189    5251/gnome-panel    /tmp/orbit-satimis/linc-1483-0-1e713182a9352
unix  2      [ ACC ]    STREAM    LISTENING    17212    5248/metacity      /tmp/orbit-satimis/linc-1480-0-1a2c84f73e54
unix  2      [ ACC ]    STREAM    LISTENING    17230    5262/gnome-volume-m /tmp/orbit-satimis/linc-148a-0-41fcb6c323ef4
unix  2      [ ACC ]    STREAM    LISTENING    17257    5257/nautilus      /tmp/orbit-satimis/linc-1489-0-41fcb6c38efb5
unix  2      [ ACC ]    STREAM    LISTENING    17282    5264/gnome-vfs-daem /tmp/orbit-satimis/linc-1490-0-6e04f78016a8


raskin 10-06-2007 02:59 AM

What traffic between desktop and server does tcpdump show when you try to ssh -X? The most interesting part is how this differs from the viewpoint of client and server.

satimis 10-06-2007 04:28 AM

Quote:

Originally Posted by raskin (Post 2915049)
What traffic between desktop and server does tcpdump show when you try to ssh -X? The most interesting part is how this differs from the viewpoint of client and server.

With iptables running OR off?


satimis

raskin 10-06-2007 04:29 AM

Do I understand correctly that with iptables off everything is OK? In this case, with iptables running.

satimis 10-06-2007 05:21 AM

Quote:

Originally Posted by raskin (Post 2915095)
Do I understand correctly that with iptables off everything is OK?

Yes, please refer to my posting #27


Quote:

In this case, with iptables running.
OK


On desktop

1)
Console-1

$ ssh -X satimis@192.168.0.10 rox
Code:

satimis@192.168.0.10's password:

(process:5153): Gdk-WARNING **: locale not supported by C library

(rox:5153): Gtk-WARNING **: Locale not supported by C library.
        Using the fallback 'C' locale.

(rox:5153): Gtk-WARNING **: cannot open display:


Console-2
$ sudo tcpdump -i eth0
Code:

Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:58:48.703193 IP 192.168.0.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2 [max resp time 10]
17:58:48.739881 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain:  56772+ PTR? 1.0.0.224.in-addr.arpa. (40)
17:58:48.761840 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769:  56772 1/3/6 PTR[|domain]
17:58:48.762441 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain:  27311+ PTR? 1.0.168.192.in-addr.arpa. (42)
17:58:48.781903 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769:  27311 NXDomain 0/1/0 (119)
17:58:48.886251 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 1.0.168.192.in-addr.arpa. (42)
17:58:49.182173 IP ubuntu704.local > 224.0.0.251: igmp v2 report 224.0.0.251
17:58:49.182744 IP 192.168.0.1 > ubuntu704.local: ICMP 224.0.0.251 protocol 2 unreachable, length 40
17:58:49.890335 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 1.0.168.192.in-addr.arpa. (42)
17:58:51.894450 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 1.0.168.192.in-addr.arpa. (42)
17:58:53.738419 arp who-has 192.168.0.1 tell ubuntu704.local
17:58:53.746152 arp reply 192.168.0.1 is-at 00:16:b6:c9:8a:a9 (oui Unknown)
17:58:53.787613 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain:  1339+ PTR? 4.67.14.202.in-addr.arpa. (42)
17:58:53.808092 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769:  1339* 1/2/2 PTR[|domain]
17:58:53.808549 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain:  23491+ PTR? 11.0.168.192.in-addr.arpa. (43)
17:58:53.828263 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769:  23491 NXDomain 0/1/0 (120)
17:58:53.930559 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 11.0.168.192.in-addr.arpa. (43)
17:58:53.930895 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0*- [0q] 1/0/0 (Cache flush) PTR[|domain]
17:58:53.931885 IP ubuntu704.local.32769 > ns1.pacific.net.hk.domain:  6479+ PTR? 251.0.0.224.in-addr.arpa. (42)
17:58:53.951719 IP ns1.pacific.net.hk.domain > ubuntu704.local.32769:  6479 NXDomain 0/1/0 (100)
17:58:54.054567 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 251.0.0.224.in-addr.arpa. (42)
17:58:55.058631 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 251.0.0.224.in-addr.arpa. (42)
17:58:57.058737 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 251.0.0.224.in-addr.arpa. (42)

23 packets captured
23 packets received by filter
0 packets dropped by kernel


On server

$ sudo tcpdump -i eth0
Code:

Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18:00:21.184711 IP 192.168.0.10.ssh > 192.168.0.11.38149: P 279954464:279954560(96) ack 185116361 win 359 <nop,nop,timestamp 468638 55467>
18:00:21.184887 IP 192.168.0.11.38149 > 192.168.0.10.ssh: . ack 96 win 2884 <nop,nop,timestamp 102717 468638>
18:00:21.185813 IP 192.168.0.10.32781 > ns1.pacific.net.hk.domain:  55799+ PTR? 11.0.168.192.in-addr.arpa. (43)
18:00:21.185994 IP 192.168.0.10.ssh > 192.168.0.11.38149: P 96:224(128) ack 1 win 359 <nop,nop,timestamp 468638 102717>
18:00:21.186103 IP 192.168.0.11.38149 > 192.168.0.10.ssh: . ack 224 win 3244 <nop,nop,timestamp 102717 468638>
18:00:21.186460 IP 192.168.0.11.38149 > 192.168.0.10.ssh: P 1:33(32) ack 224 win 3244 <nop,nop,timestamp 102717 468638>
18:00:21.186592 IP 192.168.0.11.38149 > 192.168.0.10.ssh: F 33:33(0) ack 224 win 3244 <nop,nop,timestamp 102717 468638>
18:00:21.187230 IP 192.168.0.10.ssh > 192.168.0.11.38149: F 224:224(0) ack 34 win 359 <nop,nop,timestamp 468639 102717>
18:00:21.187353 IP 192.168.0.11.38149 > 192.168.0.10.ssh: . ack 225 win 3244 <nop,nop,timestamp 102717 468639>
18:00:21.204767 IP ns1.pacific.net.hk.domain > 192.168.0.10.32781:  55799 NXDomain 0/1/0 (120)
18:00:21.204928 IP 192.168.0.10.32781 > ns1.pacific.net.hk.domain:  17824+ PTR? 10.0.168.192.in-addr.arpa. (43)
18:00:21.225484 IP ns1.pacific.net.hk.domain > 192.168.0.10.32781:  17824 NXDomain 0/1/0 (120)
18:00:21.225616 IP 192.168.0.10.32781 > ns1.pacific.net.hk.domain:  46575+ PTR? 4.67.14.202.in-addr.arpa. (42)
18:00:21.246687 IP ns1.pacific.net.hk.domain > 192.168.0.10.32781:  46575* 1/2/2 PTR[|domain]
18:00:26.184749 arp who-has 192.168.0.1 tell 192.168.0.10
18:00:26.184885 IP 192.168.0.10.32781 > ns1.pacific.net.hk.domain:  44587+ PTR? 1.0.168.192.in-addr.arpa. (42)
18:00:26.185840 arp reply 192.168.0.1 is-at 00:16:b6:c9:8a:a9 (oui Unknown)
18:00:26.205881 IP ns1.pacific.net.hk.domain > 192.168.0.10.32781:  44587 NXDomain 0/1/0 (119)

18 packets captured
18 packets received by filter
0 packets dropped by kernel


satimis

raskin 10-06-2007 07:11 AM

Try (on desktop) telnet or netcat or ncat to server port 22. What happens? Also redo the tcpdump experiment: launch it on both boxes first, then try 'ssh -X', and please leave only communication between server and client in your post. By the way, I looked once more at the iptables configuration and, if I understand anything, it forbids network connections from 127.0.0.1 to 127.0.0.1 through loopback - and X forwarding is done that way.
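raskin asks for captures from both ends that contain only the client-server traffic. The following is an added example, not code from this thread: a capture filter that drops the DNS, mDNS and IGMP noise seen in the posts above, and an awk post-filter for a capture that was already taken unfiltered. It assumes tcpdump was run with -n so that ports are numeric (the thread's captures show port names such as "ssh" because -n was not used; both forms are accepted). The sample lines in the block are constructed, not taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Expects tcpdump 3.x text output
# produced with -n, for instance on the server:
#   sudo tcpdump -n -i eth0 host 192.168.0.11 and tcp port 22
# and the mirror command on the desktop with host 192.168.0.10.

# ssh_dialog_summary CLIENT SERVER
# Reads tcpdump lines on stdin, keeps only TCP port 22 packets between the
# two hosts, and prints per-direction packet counts plus which of
# SYN/FIN/RST each side sent. Running it over the client's and the
# server's capture and comparing shows where packets go missing.
ssh_dialog_summary() {
  awk -v client="$1" -v server="$2" '
    # "192.168.0.11.38149" -> host "192.168.0.11", port "38149"
    function host(ep,  p) { split(ep, p, "."); return p[1] "." p[2] "." p[3] "." p[4] }
    function port(ep,  p, n) { n = split(ep, p, "."); return p[n] }
    function is_ssh(pt) { return pt == "22" || pt == "ssh" }
    $2 == "IP" && $4 == ">" {
      src = $3; dst = $5; sub(/:$/, "", dst)
      if (!is_ssh(port(src)) && !is_ssh(port(dst))) next
      if (host(src) == client && host(dst) == server) dir = "client->server"
      else if (host(src) == server && host(dst) == client) dir = "server->client"
      else next
      count[dir]++
      flags = $6        # old tcpdump flag column: S . P F R (and combinations)
      if (index(flags, "S")) seen[dir, "SYN"] = 1
      if (index(flags, "F")) seen[dir, "FIN"] = 1
      if (index(flags, "R")) seen[dir, "RST"] = 1
    }
    END {
      split("client->server server->client", dirs, " ")
      for (i = 1; i <= 2; i++) {
        d = dirs[i]; fl = ""
        if (seen[d, "SYN"]) fl = fl " SYN"
        if (seen[d, "FIN"]) fl = fl " FIN"
        if (seen[d, "RST"]) fl = fl " RST"
        printf "%s %d packets%s\n", d, count[d] + 0, ((fl == "") ? "" : " flags:" fl)
      }
    }'
}

# Constructed sample (not from the thread): a short complete SSH dialog
# plus a DNS packet and a port-80 SYN that the filter must discard.
SAMPLE='22:00:58.748352 IP 192.168.0.11.58379 > 192.168.0.10.22: S 100:100(0) win 5840 <mss 1460>
22:00:58.748500 IP 192.168.0.10.22 > 192.168.0.11.58379: S 900:900(0) ack 101 win 5792
22:00:58.748600 IP 192.168.0.11.58379 > 192.168.0.10.22: . ack 1 win 1460
22:00:58.749019 IP 192.168.0.11.58379 > 192.168.0.10.22: F 1:1(0) ack 1 win 2884
22:00:58.749149 IP 192.168.0.10.22 > 192.168.0.11.58379: F 1:1(0) ack 2 win 359
22:00:58.751000 IP 192.168.0.10.32789 > 202.14.67.4.53: 4469+ PTR? 10.0.168.192.in-addr.arpa. (43)
22:00:58.770398 IP 192.168.0.11.32769 > 192.168.0.10.80: S 5:5(0) win 5840'

# demo: summarise the sample as the desktop (client) talking to the server.
demo() { printf '%s\n' "$SAMPLE" | ssh_dialog_summary 192.168.0.11 192.168.0.10; }
```

A point worth keeping in mind when reading the two captures side by side: tcpdump taps eth0 below netfilter, so a SYN that the server's firewall drops still appears in the server's capture; what is missing is the SYN-ACK going back. Traffic that never leaves the machine, such as the X11 forwarding connection raskin mentions, does not show on eth0 at all and needs `tcpdump -n -i lo` instead.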

satimis 10-07-2007 10:03 AM

Quote:

Originally Posted by raskin (Post 2915189)
Try (on desktop) telnet or netcat or ncat to server port 22. What happens? Also redo the tcpdump experiment: launch it on both boxes first, then try 'ssh -X', and please leave only communication between server and client in your post. By the way, I looked once more at the iptables configuration and, if I understand anything, it forbids network connections from 127.0.0.1 to 127.0.0.1 through loopback - and X forwarding is done that way.

Iptables on server was running.


1) Test-1

On desktop;

$ telnet 192.168.0.10 22
Code:

Trying 192.168.0.10...
Connected to 192.168.0.10.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3p2 Debian-8ubuntu1
Connection closed by foreign host.


$ sudo tcpdump -i eth0
Code:

Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
21:52:17.560976 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain:  690+ A? sb.google.com. (31)
21:52:17.583103 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773:  690 2/7/7 CNAME sb.l.google.com., (290)
21:52:17.583547 IP ubuntu704.local.45122 > po-in-f91.google.com.www: S 2083052393:2083052393(0) win 5840 <mss 1460,sackOK,timestamp 741054 0,nop,wscale 2>
21:52:17.584585 IP 192.168.0.1.1974 > 192.168.0.255.snmp-trap:  Trap(120)  E:3955.2.2.1 192.168.0.1 enterpriseSpecific s=1 1368842 [|snmp]
21:52:17.626074 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain:  47876+ PTR? 4.67.14.202.in-addr.arpa. (42)
21:52:17.646768 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773:  47876* 1/2/2 PTR[|domain]
21:52:17.647192 IP ubuntu704.local.32773 > ns1.pacific.net.hk.domain:  17083+ PTR? 11.0.168.192.in-addr.arpa. (43)
21:52:17.667467 IP ns1.pacific.net.hk.domain > ubuntu704.local.32773:  17083 NXDomain 0/1/0 (120)
21:52:17.771370 IP ubuntu704.local.mdns > 224.0.0.251.mdns:  0 PTR? 11.0.168.192.in-addr.arpa. (43)

9 packets captured
36 packets received by filter
0 packets dropped by kernel



On server;

$ sudo tcpdump -i eth0
Code:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
21:55:23.894914 arp who-has 192.168.0.1 tell 192.168.0.10
21:55:23.895425 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain:  63576+ PTR? 1.0.168.192.in-addr.arpa. (42)
21:55:23.895839 arp reply 192.168.0.1 is-at 00:16:b6:c9:8a:a9 (oui Unknown)
21:55:23.914415 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789:  63576 NXDomain 0/1/0 (119)
21:55:23.914574 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain:  49217+ PTR? 10.0.168.192.in-addr.arpa. (43)
21:55:23.935143 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789:  49217 NXDomain 0/1/0 (120)
21:55:23.935417 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain:  37745+ PTR? 4.67.14.202.in-addr.arpa. (42)
21:55:23.955567 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789:  37745* 1/2/2 PTR[|domain]

8 packets captured
8 packets received by filter
0 packets dropped by kernel




2) Test-2
On desktop

$ ssh -X satimis@192.168.0.10 rox
Code:

satimis@192.168.0.10's password:

(process:5333): Gdk-WARNING **: locale not supported by C library

(rox:5333): Gtk-WARNING **: Locale not supported by C library.
        Using the fallback 'C' locale.

It hung here for a prolonged time. I had to press [Ctrl]+[c] to stop it.


On server;

$ sudo tcpdump -i eth0
Code:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
22:00:58.748352 IP 192.168.0.11.58379 > 192.168.0.10.ssh: F 2511929468:2511929468(0) ack 2609615553 win 2884 <nop,nop,timestamp 871004 1337270>
22:00:58.749019 IP 192.168.0.10.ssh > 192.168.0.11.58379: F 1:1(0) ack 1 win 359 <nop,nop,timestamp 1363479 871004>
22:00:58.749149 IP 192.168.0.11.58379 > 192.168.0.10.ssh: . ack 2 win 2884 <nop,nop,timestamp 871004 1363479>
22:00:58.751000 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain:  4469+ PTR? 10.0.168.192.in-addr.arpa. (43)
22:00:58.770398 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789:  4469 NXDomain 0/1/0 (120)
22:00:58.770489 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain:  63340+ PTR? 11.0.168.192.in-addr.arpa. (43)
22:00:58.790579 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789:  63340 NXDomain 0/1/0 (120)
22:00:58.790965 IP 192.168.0.10.32789 > ns1.pacific.net.hk.domain:  49644+ PTR? 4.67.14.202.in-addr.arpa. (42)
22:00:58.811035 IP ns1.pacific.net.hk.domain > 192.168.0.10.32789:  49644* 1/2/2 PTR[|domain]

9 packets captured
9 packets received by filter
0 packets dropped by kernel

While the desktop was hanging as mentioned above, the server also hung at "listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes". Only after I stopped the desktop did the server start to print.


B.R.
satimis

raskin 10-07-2007 10:06 AM

Try allowing all traffic from localhost to localhost on server.

satimis 10-08-2007 02:20 AM

Quote:

Originally Posted by raskin (Post 2916238)
Try allowing all traffic from localhost to localhost on server.

Sorry, I don't find this item in /etc/ssh/sshd_config.


satimis

raskin 10-08-2007 02:25 AM

No, I mean make iptables accept all incoming local traffic and also allow all outgoing local traffic.

satimis 10-16-2007 10:36 AM

Quote:

Originally Posted by raskin (Post 2916910)
No, I mean make iptables accept all incoming local traffic and also allow all outgoing local traffic.

If /etc/rc.local on the server is modified as follows:
Code:

# MGMT_NIC_IP must be set to the address of the management interface NIC
# before these rules run; iptables cannot resolve the bare placeholder name.
# MGMT_NIC_IP=<management interface address>

#
# INPUT
#

# allow all incoming traffic to the management interface NIC
# as long as it is a part of an established connection
iptables -I INPUT 1 -j ACCEPT -d "$MGMT_NIC_IP" -m state --state RELATED,ESTABLISHED

# allow all ssh traffic to the management interface NIC
iptables -I INPUT 2 -j ACCEPT -p tcp -d "$MGMT_NIC_IP" --destination-port 22

# allow all VMware MUI HTTP traffic to the management interface NIC
iptables -I INPUT 3 -j ACCEPT -p tcp -d "$MGMT_NIC_IP" --destination-port 8222

# allow all VMware MUI HTTPS traffic to the management interface NIC
iptables -I INPUT 4 -j ACCEPT -p tcp -d "$MGMT_NIC_IP" --destination-port 8333

# allow all VMware Authorization Daemon traffic to the management interface NIC
iptables -I INPUT 5 -j ACCEPT -p tcp -d "$MGMT_NIC_IP" --destination-port 902

# reject all other traffic to the management interface NIC
iptables -I INPUT 6 -j REJECT -d "$MGMT_NIC_IP" --reject-with icmp-port-unreachable

#
# OUTPUT
#

# allow all outgoing traffic from the management interface NIC
# if it is a part of an established connection
iptables -A OUTPUT -j ACCEPT -s "$MGMT_NIC_IP" -m state --state RELATED,ESTABLISHED

# allow all DNS queries from the management interface NIC
iptables -A OUTPUT -j ACCEPT -s "$MGMT_NIC_IP" -p udp --destination-port 53


# to allow X forwarding, allow traffic to and from the sshd X11 proxy
# listeners on loopback (display :10 is port 6010, :11 is 6011, ...).
# This port range will allow up to 10 forwarded displays at once.
# The --dport rule covers the X client connecting to the proxy, the
# --sport rule covers the proxy's replies.
iptables -A OUTPUT -s 127.0.0.1 -p tcp --dport 6010:6019 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -p tcp --sport 6010:6019 -j ACCEPT

# reject all other traffic from localhost
iptables -A OUTPUT -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable

# reject all other traffic from the management interface NIC
iptables -A OUTPUT -j REJECT -s "$MGMT_NIC_IP" --reject-with icmp-port-unreachable

ssh works both ways without problem, with X forwarding. I don't know whether such a change would weaken the security of the server?


satimis
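The following is an added example, not code from this thread or from the VMware document the rules above were adapted from. It shows the relationship between the DISPLAY value an `ssh -X` session hands to X clients on the server and the loopback TCP port sshd's X11 proxy listens on, and it generates the loopback allow rules raskin recommends, so the ports can be checked against a firewall before editing rc.local. It assumes sshd's default settings X11DisplayOffset 10 and X11UseLocalhost yes (forwarded display N then listens on 127.0.0.1:6000+N and clients see DISPLAY=localhost:N.0); the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example: map ssh X11 forwarding displays to loopback ports and
# emit the iptables rules that let X clients on the server reach them.
# Assumption: sshd defaults X11DisplayOffset 10 and X11UseLocalhost yes.

# Convert a DISPLAY string ("localhost:10.0", ":12", "unix:11") to the TCP
# port the X client will connect to. Fails on a malformed display number.
x11_port_from_display() {
    disp=${1#*:}            # drop host part      -> "10.0"
    disp=${disp%%.*}        # drop screen number  -> "10"
    case $disp in
        ''|*[!0-9]*)
            echo "bad DISPLAY: $1" >&2
            return 1 ;;
    esac
    echo $((6000 + $disp))
}

# Print iptables commands allowing the X11 proxy ports over loopback.
# $1 = sshd X11DisplayOffset (default 10), $2 = number of displays (default 10).
# -I puts the rules ahead of any REJECT already present in the chain.
# Matching on the lo interface is tighter than matching on -s 127.0.0.1,
# which a spoofed packet arriving on eth0 could also carry.
x11_forward_rules() {
    offset=${1:-10}
    count=${2:-10}
    first=$((6000 + $offset))
    last=$((first + count - 1))
    printf 'iptables -I INPUT 1 -i lo -p tcp --dport %s:%s -j ACCEPT\n' "$first" "$last"
    printf 'iptables -I OUTPUT 1 -o lo -p tcp --dport %s:%s -j ACCEPT\n' "$first" "$last"
    printf 'iptables -I OUTPUT 1 -o lo -p tcp --sport %s:%s -j ACCEPT\n' "$first" "$last"
}

# The broader alternative raskin suggests: accept everything on loopback.
loopback_rules() {
    printf 'iptables -I INPUT 1 -i lo -j ACCEPT\n'
    printf 'iptables -I OUTPUT 1 -o lo -j ACCEPT\n'
}

# Return 0 if DISPLAY $1 maps to a port inside the allowed range $2..$3,
# i.e. the rc.local rules would let an X client on this display connect.
display_allowed() {
    port=$(x11_port_from_display "$1") || return 1
    [ "$port" -ge "$2" ] && [ "$port" -le "$3" ]
}

# Usage: print the rules for the default offset and display count.
x11_forward_rules "${1:-10}" "${2:-10}"
```

Run it as `sh x11rules.sh 10 10` to see the three rules for displays :10 through :19; an 11th concurrent forwarded session would get display :20 and port 6020, which the range above rejects, so widen the count if more sessions are expected.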

raskin 10-16-2007 01:10 PM

Well, theoretically everything can somewhat reduce security. But if you already have a malicious process on the server where you ssh... Well, I would say that you have lost the server and need to reinstall it anyway. There is a significant risk that they have already cracked root. Then ssh can be already compromised. Well, yes, the chance to access your X server through forwarding can give the enemy an advantage when trying to take over your desktop (and -X is better than -Y from that point of view), but you still don't have options better than 'ssh -X' (though it is interesting whether VNC is better).

satimis 10-16-2007 07:37 PM

Quote:

Originally Posted by raskin (Post 2926429)
Well, theoretically everything can somewhat reduce security. But if you already have a malicious process on the server where you ssh... Well, I would say that you have lost the server and need to reinstall it anyway. There is a significant risk that they have already cracked root. Then ssh can be already compromised. Well, yes, the chance to access your X server through forwarding can give the enemy an advantage when trying to take over your desktop (and -X is better than -Y from that point of view), but you still don't have options better than 'ssh -X'

OK, I'll stick to the iptables rules suggested by that doc. I don't need to ssh to the server from a workstation with X forwarding except to remotely configure a headless server. Thanks for your advice.

Quote:

(though it is interesting whether VNC is better).
Which of the following would you recommend?
Code:

http://www.realvnc.com/

http://www.uvnc.com/

http://www.tightvnc.com/

???

What is the difference in function between VNC and ssh? TIA


satimis

raskin 10-17-2007 03:08 PM

I used TightVNC. They recommend tunnelling it through SSH, to get encryption with no extra configuration. The benefit of VNC (compared to ssh) is that the entire VNC session is just a window on your desktop, so sniffing your keyboard requires finding an actual arbitrary-code-execution hole in TightVNC or a really obscure way to force vncviewer to deviate from acceptable behavior.

