derekr n00b
Joined: 07 Sep 2004 Posts: 4
Posted: Tue Sep 28, 2004 2:29 pm Post subject: Odd connection problem [solved] |
Hi there,
I'm currently having a problem with connections to my Gentoo box from external IP sources.
A few days ago I wanted to see what system updates there were, so I ssh'd my box and typed emerge -uD system (but absent-mindedly forgot to add 'p' to the mix). Anyways, an hour or two later my system was updated and I had to replace/merge all my config files.
No problems here: I adjusted all the files that needed to be fixed, got everything back up and everything seemed good.
Now on to the problem I'm having (which I *think* may be attributed to the system update).
Basically I can't connect to the box on any port, for any reason, other than from the LAN (ssh, ftp, etc. all work fine on the LAN); from an external IP, however, I can't connect to any port.
Just to be certain I checked my gateway computer (running FreeBSD) for the ipf/ipnat configurations, which all look fine, and a quick check of the ipnat active sessions and ipf's logs shows that it's correctly allowing/routing the right ports to my Gentoo box.
So to summarize (I'll use ssh for the example), I basically have this:
- Internal LAN Gentoo box on 192.168.0.2 running sshd on port 2202.
- From any other node on the LAN (I've tried from 3 different boxes) I can connect/login fine.
- Beyond my gateway, from the WAN, I cannot get any connection to the Gentoo box, but ipf/ipnat say it's forwarding stuff fine.
- I've checked /var/log/messages and it doesn't show anything of interest with regards to sshd/pam.
- Also, with another Gentoo box on my network (with a similar setup), everything is fine.
- Everything worked fine *before* the system update.
Any help on the matter would be much appreciated.
Thanks.
Here's some info that might be of use:
--GENTOO BOX--
uname -r
cat /etc/ssh/sshd_config
Code: |
# $OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 2202
Protocol 2
ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCreds yes
# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication'
UsePAM yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
# no default banner path
Banner /etc/ssh/login.txt
# override default of no subsystems
Subsystem sftp /usr/lib/misc/sftp-server
|
route -n
Code: |
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
|
--FREEBSD BOX--
ipnat -l
Code: |
...
RDR 192.168.0.2 2202 <- -> <GATEWAY_WAN_IP> 2202 [<EXTERNAL_IP> 3091]
...
|
tail -n 2 /var/log/ipf.log
Code: |
28/09/2004 07:04:31.095262 vr1 @0:3 p <EXTERNAL_IP>,3091 -> 192.168.0.2,2202 PR tcp len 20 48 -S 3544363919 0 65535 K-S IN
28/09/2004 07:04:31.095320 vr0 @0:3 p <EXTERNAL_IP>,3091 -> 192.168.0.2,2202 PR tcp len 20 48 -S 3544363919 0 65535 K-S OU
|
Last edited by derekr on Tue Sep 28, 2004 5:32 pm; edited 1 time in total |
derekr n00b
Joined: 07 Sep 2004 Posts: 4
Posted: Tue Sep 28, 2004 5:32 pm Post subject: |
Sorry for possibly wasting anyone's time.
I had made one glaring oversight: I hadn't specified the gateway comp for routing, and that was the cause of all the problems.
All fixed now thankfully. :oops:
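Added example (not part of the original posts): the ipf log shows the forwarded SYN still carries `<EXTERNAL_IP>` as its source, so the Gentoo box has to route its reply to that address, and the posted `route -n` table has no default route to do so. The sketch below parses that table and does a longest-prefix lookup for a LAN client and an external client; `192.168.0.1` (the gateway's LAN address) and `203.0.113.7` (a stand-in for `<EXTERNAL_IP>`) are assumed values that do not appear in the thread.

```python
import ipaddress

# route -n output exactly as posted above: no default (0.0.0.0) route.
ROUTES_POSTED = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
"""
# Constructed "after" table: 192.168.0.1 is an assumed LAN address for the
# FreeBSD gateway; the thread does not give it.
ROUTES_FIXED = ROUTES_POSTED + "0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0\n"


def parse_route_n(text):
    """Return [(network, gateway, flags, iface)] from `route -n` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # title line or blank
        dest, gateway, genmask, flags, iface = *fields[:4], fields[7]
        try:
            # Netmask -> prefix length by counting set bits.
            prefix = bin(int(ipaddress.IPv4Address(genmask))).count("1")
            network = ipaddress.ip_network(f"{dest}/{prefix}")
        except ValueError:
            continue  # column header row
        routes.append((network, gateway, flags, iface))
    return routes


def reply_path(route_text, client_ip):
    """Longest-prefix match: where would a reply to client_ip be sent?"""
    addr = ipaddress.ip_address(client_ip)
    hits = [r for r in parse_route_n(route_text) if addr in r[0]]
    if not hits:
        return "unreachable"  # kernel has no route, so the SYN-ACK is never sent
    network, gateway, flags, iface = max(hits, key=lambda r: r[0].prefixlen)
    return f"via {gateway} dev {iface}" if "G" in flags else f"direct dev {iface}"


if __name__ == "__main__":
    # 203.0.113.7 is a constructed stand-in for <EXTERNAL_IP>.
    for name, table in (("posted", ROUTES_POSTED), ("fixed", ROUTES_FIXED)):
        for client in ("192.168.0.10", "203.0.113.7"):
            print(f"{name:6} reply to {client:12} -> {reply_path(table, client)}")
```

With the posted table, LAN clients resolve to a direct route while the external client resolves to nothing, which matches the symptom of inbound packets being forwarded correctly but no connection ever completing.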