dave9000 n00b
Joined: 20 Feb 2005 Posts: 8
Posted: Sun Feb 20, 2005 7:46 pm Post subject: Incoming TCP connections blocked
Hi,
because of a disk failure I had to re-install my Gentoo box from scratch (2004.3/amd64).
Most of the internet-related applications are working just fine (e.g. firefox, pan, bittorrent, ftp, ...) with some notable exceptions:
1. sshd can receive only local connections
2. aMule runs low-id since the other clients cannot connect to port 4662 (changing the port doesn't help)
I tried to clean up the firewall ... I even unmerged iptables and removed packet-filtering support from the kernel!
Where may I look for something misconfigured?
xinetd is not running: should it be?
Thanks for your help. dave
Cuardin l33t
Joined: 06 Feb 2003 Posts: 713 Location: vasastaden.stockholm.se
Posted: Sun Feb 20, 2005 7:53 pm
nmap is your friend. Do a portscan of your computer, first from itself to see which ports are open to localhost, and then from another computer to see which are open to the outside.
_________________
Part of "The adopt an unanswered post initiative"
dave9000 n00b
Posted: Sun Feb 20, 2005 9:15 pm
Cuardin wrote:
> nmap is your friend. Do a portscan of your computer, first from itself to see which ports are open to localhost, and then from another computer to see which are open to the outside.

From the inside:
22/tcp   open  ssh
111/tcp  open  rpcbind
769/tcp  open  vid
From the outside (running nmap as unprivileged user):
Note: Host seems down.
I can ssh to localhost.
I can even get a connection to aMule with: telnet localhost 4662.
I am puzzled!
Cuardin l33t
Posted: Sun Feb 20, 2005 9:44 pm
Try it again with the -P0 option.
nmap must have tried to ping your comp and you block the ping attempts.
Oh, and always run nmap with as much verbosity as possible. -vv
dave9000 n00b
Posted: Mon Feb 21, 2005 5:11 pm
In all tests aMule and sshd were both running and accessible from within the box.
iptables/ipchains are not installed.
[TEST1] kernel 2.6.10 R6 with packet filter support
In order to keep scan time short I restricted nmap to the ports I am interested in, plus a fake one for validation (5555):
[dave] nmap -sT -p '22,4662,5555' -vv -P0 myhost.dyndns.org
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host host181-86.pool8248.interbusiness.it (82.48.86.181) appears to be up ... good.
Initiating Connect() Scan against host181-86.pool8248.interbusiness.it (82.48.86.181)
The Connect() Scan took 36 seconds to scan 3 ports.
Interesting ports on host181-86.pool8248.interbusiness.it (82.48.86.181):
Port State Service
22/tcp filtered ssh
4662/tcp filtered unknown
5555/tcp filtered freeciv
Nmap run completed -- 1 IP address (1 host up) scanned in 37 seconds
[TEST2] kernel 2.6.10 R6 without packet filter support
[dave] nmap -sT -p '22,4662,5555' -vv -P0 myhost.dyndns.org
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host host181-86.pool8248.interbusiness.it (82.48.86.181) appears to be up ... good.
Initiating Connect() Scan against host181-86.pool8248.interbusiness.it (82.48.86.181)
The Connect() Scan took 0 seconds to scan 3 ports.
All 3 scanned ports on host181-86.pool8248.interbusiness.it (82.48.86.181) are: closed
Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
[TEST3] kernel 2.6.10 R6 without packet filter support
[dave] nmap -sT -vv -P0 myhost.dyndns.org
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host host181-86.pool8248.interbusiness.it (82.48.86.181) appears to be up ... good.
Initiating Connect() Scan against host181-86.pool8248.interbusiness.it (82.48.86.181)
The Connect() Scan took 19 seconds to scan 1601 ports.
Interesting ports on host181-86.pool8248.interbusiness.it (82.48.86.181):
(The 1598 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp filtered ftp
23/tcp filtered telnet
80/tcp filtered http
Nmap run completed -- 1 IP address (1 host up) scanned in 19 seconds
Cuardin l33t
Posted: Mon Feb 21, 2005 6:59 pm
Filtered means that the port is blocked and not responding anything at all, I believe.
Closed means the kernel claims that no one has opened the port and tells nmap so.
But I am not really sure of the details on this. Either way, did you conf sshd to accept connections from external comps?
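The distinction Cuardin is describing is what the scanner saw on the wire: for a connect() scan, "open" means a SYN-ACK came back, "closed" means a RST came back (some host answered, but nothing listens on that port), and "filtered" means nothing came back at all. The following POSIX sh script is an added example, not code from the thread: it spells out those three states and compares an external scan against the ports the box itself knows it is listening on, so that a listener reported as anything but "open" is flagged as a path problem rather than a daemon problem. The sample scan lines are constructed from the TEST1 output above; the function names (`port_state`, `check_listeners`, `count_unreachable`) are this example's own.

```shell
#!/bin/sh
# Added example, not code from the thread: spell out what each nmap port state
# means on the wire, and compare an external scan with the ports the host
# itself knows it is listening on.

# Constructed sample in nmap 3.00 normal-output shape, modelled on the TEST1
# lines in the thread; not a real scan.
SCAN_SAMPLE='Port State Service
22/tcp filtered ssh
4662/tcp filtered unknown
5555/tcp filtered freeciv'

# port_state SCAN PORT: state nmap reported for PORT/tcp, or "unlisted"
# (nmap folds ports it does not print into a summary line).
port_state() {
  printf '%s\n' "$1" | awk -v p="$2" '$1 == (p "/tcp") { print $2; found = 1 }
                                      END { if (!found) print "unlisted" }'
}

# explain STATE: what the state means for a connect() scan
explain() {
  case "$1" in
    open)     echo "SYN-ACK came back: a listener answered" ;;
    closed)   echo "RST came back: something answered, but no listener on that port" ;;
    filtered) echo "nothing came back: the SYN or the reply was dropped on the way" ;;
    unlisted) echo "not printed: see the summary line for the state of the rest" ;;
    *)        echo "unknown state '$1'" ;;
  esac
}

# check_listeners SCAN PORTS: for each port the host listens on locally,
# print "PORT STATE VERDICT". Only "open" is ok; anything else means the
# daemon may well be fine and the path to it (routing, filtering) is what
# to look at next.
check_listeners() {
  for p in $2; do
    s=$(port_state "$1" "$p")
    if [ "$s" = open ]; then v=ok; else v=unreachable; fi
    echo "$p $s $v"
  done
}

# count_unreachable SCAN PORTS: how many local listeners the scan did not see open
count_unreachable() {
  check_listeners "$1" "$2" | awk '/ unreachable$/ { n++ } END { print n + 0 }'
}

# Run it on the sample: sshd (22) and aMule (4662) are listening locally.
check_listeners "$SCAN_SAMPLE" "22 4662"
for st in open closed filtered; do echo "$st: $(explain "$st")"; done
```

Run against the TEST1 sample both listeners come out "filtered unreachable"; against TEST2, where nmap summarised every port as closed, they would come out "unlisted unreachable". Either way the verdict is the same: the daemons answer locally, so the thing to inspect is what happens to packets between the outside and the listener.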
dave9000 n00b
Posted: Tue Feb 22, 2005 5:21 pm
Cuardin wrote:
> Either way, did you conf sshd to accept connections from external comps?

In my previous installation it worked out of the box with the default config (openssh 3.9).
These settings are uncommented by default:
root ~ grep -v '#' /etc/ssh/sshd_config
Protocol 2
PasswordAuthentication no
UsePAM yes
Subsystem sftp /usr/lib/misc/sftp-server
Anyway I guess this is not the point. I wonder how many layers of software are still between the network card and my application, layers I am not aware of?
Firewall seems to be excluded. I re-emerged iptables just to check it out:
root ~ iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
May something else related to security override application defaults? Maybe the pam thing?
Cuardin l33t
Posted: Tue Feb 22, 2005 9:24 pm
And you are running sshd as a stand-alone? Not through inetd/xinetd?
OK, I see xinetd is off, well, that is good. xinetd should not be on unless there is a specific reason.
Can you try another server like apache or monkeyd or something to see if you get anything through?
dave9000 n00b
Posted: Wed Feb 23, 2005 7:17 pm
OK, I had some problems getting monkeyd to work so I switched to webfs.
As I expected, I can't connect from the outer world.
Cuardin l33t
Posted: Thu Feb 24, 2005 1:41 pm
This is acutely bizarre.
I saw your IP-tables entries, and they are OK. By default sshd allows connections at all IPs and all interfaces.
Since you can do connections from the box to other computers, then obviously your network settings are healthy.
I can't figure out what the problem is.
dave9000 n00b
Posted: Sun Feb 27, 2005 4:32 pm
Cuardin, first of all thank you for your effort ...
... I finally found out where the problem was.
I had eth0 configured for dhcp and net.eth0 enabled at the default runlevel.
[root] route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.1   *               255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
loopback        localhost       255.0.0.0       UG    0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
Which is wrong! Should be:
[root] route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.1   *               255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
loopback        localhost       255.0.0.0       UG    0      0        0 lo
default         192.168.100.1   0.0.0.0         UG    0      0        0 ppp0
I posted the "solution" just in case somebody else is going to mess up his ADSL connection.
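The root cause above is a routing one, not a firewall one: with the default route pointing at the LAN gateway on eth0, packets from the internet still arrived on ppp0, but anything the box sent back toward a non-local address went out eth0 instead (that reply-path reading is an inference, not something the thread states). Daemons listened, local tests passed, and the outside saw filtered or closed ports. The following POSIX sh script is an added example, not code from the thread: it parses a `route` table in the shape shown above and flags exactly this situation, a PPP link present while the default route leaves through another interface. The two tables are constructed copies of the poster's "wrong" and "should be" output; the function names (`default_iface`, `first_ppp`, `check_default_route`) are this example's own.

```shell
#!/bin/sh
# Added example, not code from the thread: parse the output of "route" and
# report which interface carries the default route, flagging the case the
# poster hit (a PPP link up, but the default route pointing at the LAN).

# Constructed samples, copied in shape from the two tables in the thread.
ROUTE_BAD='Kernel IP routing table
Destination   Gateway       Genmask         Flags Metric Ref Use Iface
192.168.100.1 *             255.255.255.255 UH    0      0   0   ppp0
192.168.1.0   *             255.255.255.0   U     0      0   0   eth0
loopback      localhost     255.0.0.0       UG    0      0   0   lo
default       192.168.1.1   0.0.0.0         UG    0      0   0   eth0'

ROUTE_GOOD='Kernel IP routing table
Destination   Gateway       Genmask         Flags Metric Ref Use Iface
192.168.100.1 *             255.255.255.255 UH    0      0   0   ppp0
loopback      localhost     255.0.0.0       UG    0      0   0   lo
default       192.168.100.1 0.0.0.0         UG    0      0   0   ppp0'

# default_iface TABLE: interface (last column) of the default route, or "none".
# Matches both the "default" label plain route prints and the 0.0.0.0 that
# route -n prints.
default_iface() {
  printf '%s\n' "$1" | awk '($1 == "default" || $1 == "0.0.0.0") { print $NF; found = 1 }
                            END { if (!found) print "none" }'
}

# first_ppp TABLE: first ppp interface that has any route, or empty.
first_ppp() {
  printf '%s\n' "$1" | awk '$NF ~ /^ppp[0-9]+$/ { print $NF; exit }'
}

# check_default_route TABLE: one-line verdict on where the default route goes.
check_default_route() {
  def=$(default_iface "$1")
  ppp=$(first_ppp "$1")
  if [ "$def" = none ]; then
    echo "no-default: nothing leaves this box for the internet"
  elif [ -n "$ppp" ] && [ "$def" != "$ppp" ]; then
    echo "misrouted: default via $def while $ppp is up"
  else
    echo "ok: default via $def"
  fi
}

check_default_route "$ROUTE_BAD"
check_default_route "$ROUTE_GOOD"
# On a live box: check_default_route "$(route -n)"
# (-n skips the name lookups that make plain "route" slow when DNS is unreachable)
```

The check deliberately keys on the last column rather than on the gateway address, because the dial-up peer (192.168.100.1 here) and a LAN gateway can both be RFC 1918 addresses; what distinguishes the two tables is only the interface the default route leaves on.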
Cuardin l33t
dave9000 n00b
Posted: Tue Mar 01, 2005 5:00 pm
Cuardin wrote:
> Are you telling me you could connect to the internet with that configuration????

Yes I did, that was exactly the output of the route command.
It behaved oddly enough though. It took some 10 seconds to execute!
At the time of writing I get this (different) result:
[root] route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.1   *               255.255.255.255 UH    0      0        0 ppp0
loopback        localhost       255.0.0.0       UG    0      0        0 lo
default         192.168.100.1   0.0.0.0         UG    0      0        0 ppp0
eth0 is left unconfigured (no IP) .. strange as this may be, still everything is working.
Cuardin l33t
Posted: Tue Mar 01, 2005 5:54 pm
Well, you don't need eth0 to get to the internet. You use the ppp0 for that. eth0 is only for reaching other comps on the same LAN.