Weird problem with gentoo-router 0_o

darookee

I've got a very weird problem with one of our companies gentoo-routers. When I try to ssh into it it says 'Connection Refused' but sshd _is_ definately running. From localhost and the local network I can use ssh.
As I first noticed the problem I did a nmap portscan on the machine... It looked like this

dkaplowitz

Are you running the sshd on one of those ports? Are you trying to connect with ssh on another port? If not, you should have port 22/sshd open.

If your firewall rules won't allow ssh in, then it's not going to come in, unless you are doing it on some other port.

Also, I don't think there are any kernel patches that will create/alter your firewall rules. ...unless I am missing something about the "security" kernel patch. All those rules should be made by the firewall administrator.
_________________
http://dkap.info

darookee · Posted: Fri Jan 09, 2004 2:30 pm Post subject:

sshd is running on port 22
it is a very simple router which only masquerades outgoing traffic so there are no firewall rules except the one that masquerades

dkaplowitz · Posted: Fri Jan 09, 2004 4:38 pm Post subject:

I guess I'm not clear on what the problem is exactly. If you can ssh to that box from the LAN and from localhost, I imagine that a port scan from the LAN/localhost will reveal an open port 22. Otherwise, how are you connecting locally but not remotely?

You did call this box a router. Is it doing some kind of packet filtering? If so, then that's likely the cause of your problem. Packet filtering will block certain ports (which whoever set the packet filtering up defined).

If this box is behind a NAT'ed gateway/firewall/router, then you are going to have to set up some kind of redirection on that gateway/firewall/router that allows/forwards TCP requests on port 22 from the rest of the world into that machine on the LAN. There is no way for the outside client to know which box it's connecting to if the box has a private IP like 192.168.x.x or 10.x.x.x., etc.

Post some more details, please.

Thanks,

Dave
_________________
http://dkap.info

darookee · Posted: Fri Jan 09, 2004 5:12 pm Post subject:

A portscan from the local network shows port 22 open.
The 'router' does no packet filtering because we don't restrict any kind of internet access from our employees. they can do what they want ;) The router is just for dialing up to our isp so that the network is connected...
And it is not behind anything. it directly dials into the isp.
did you notice that those 2 portscans have different ports open? each time i portscan this box on it's external ip-address it seems to open random ports...
i even can't detect the os with nmap -O o_0

fleed · l33t Joined: 28 Aug 2002 Posts: 756 Location: London

ISP block perhaps?

think4urs11 · Posted: Fri Jan 09, 2004 7:41 pm Post subject:

what gives

darookee · Posted: Sun Jan 11, 2004 12:27 am Post subject:

netstat -plunt gives me a line containing

darookee · Posted: Fri Jan 30, 2004 9:26 am Post subject:

Another weired thing... I forwarded port 3389 to a Terminal Server which is behind the Router... And I can connect to it through the Router 0_o But I still can't connect to the Router using SSH :/

triwebb1 · Tux's lil' helper Joined: 19 Oct 2003 Posts: 87

Try reseting the router. I have had wierd iptables problems with my router before, but a reset fixed it. Yeah....... Its hard to explain...... It wasn't doing what it was supposed to, but a restart fixed it.