Re: can't ssh to system on ACS (long)

From: Shane Spencer <shane@bogomip.com>
Date: Mon Jul 03 2006 - 10:48:43 AKDT

Can you get your sister to run the following:

iptables-save > /tmp/iptables.dump

and email /tmp/iptables.dump to you so you can post it?

On 7/3/06, Lee Ross <leeross@gci.net> wrote:
>
>
> ------- Forwarded message -------
> From: schutter <schutter@sunflower.com>
> To: leeross@gci.net
> Subject: can't ssh to system on ACS
> Date: Sun, 02 Jul 2006 21:52:49 -0800
>
> Lee:
>
> Thanks for sending the emails with the message thread from AKLUG on making
> network connections to systems on ACS. I could not gather any reason from
> them, however, why ssh wouldn't be working to my sister's computer.
> Hopefully someone at AKLUG, either Royce or someone else, may have some
> ideas.
>
> I will summarize the situation for the group. I live in Lawrence,
> Kansas, and my sister lives in Anchorage. I have more technical knowledge
> of computers than my sister and so I would like to be able to log into her
> computer to help her with system administration type things. I have a
> custom built system with an Asus A8V motherboard and Athlon64 3200+ cpu
> running 64 bit SUSE Linux 9.3. My internet access is through my local
> cable company, Sunflower Broadband. My system is connected to a standard
> ethernet hub and then to a cable modem. My sister's computer is also a
> custom built system with an A8V motherboard and Athlon64 3000+ cpu running
> 64 bit SUSE Linux 9.2. It is connected directly to an ACS DSL modem for
> internet access.
>
> When I try to ssh from my system to my sister's system I don't get any
> response. As a test, I've tried some other things. Referring to the
> network configuration data below for my sister's system, an instance of a
> PPP connection can be seen with an IP address of 66.230.103.102 for the end
> on my sister's computer and an IP address of 66.230.103.254 for the ISP
> end. In this case, I can ping and traceroute to 66.230.103.254 just
> fine. However, if I ping 66.230.103.102 I don't get any response and if I
> traceroute to the same address, I get a couple of levels into ACS's
> routers and then the traceroute dies. Doing an ssh to 66.230.103.254 also
> gets no response. I had my sister call ACS tech support and ask them if
> ACS blocked port 22 and they said they did not. Lee Ross has also
> forwarded to me some messages from the AKLUG mailing list which state that
> ACS does not block port 22. However, I decided to try some tests with an
> arbitrary port just to be thorough. I made a random choice of port 1004.
> Lee configured the SSH server on my sister's computer to listen on that
> port. When I did an ssh to her computer using port 1004 I still got no
> response. Doing an ssh to 66.230.103.254 using port 1004, however, yields
> an "access denied" response. Also of interest, I had Lee try an ssh from
> my sister's computer to my computer, and it worked fine.
>
> I notice that SUSE does not list a default route in the output of netstat,
> which seems unusual. However, the use of the 0.0.0.0 network address
> apparently takes care of this. The "ifstatus eth0" command does list
> "default via 24.124.91.254" on my system. This brings me to my final
> point, which is that the "ifstatus eth0" command on my sister's computer
> states "dhcpcd is still waiting for data", and does not list any active
> routes. I've had my sister send me the network info from her computer on
> several different occasions (I sent her a script to run) and eth0 always
> appears this way. So it seems normal for her system, although still
> possibly not correct. The network configuration does work, at least for
> locally initiated connections. However, could the SUSE DHCP client not be
> working properly with the ACS DHCP server? Or is this just a quirk of DSL?
>
> I don't have any direct experience with DSL so I'm pretty much in the dark
> here. Any insight or suggestions would be much appreciated. The network
> configuration for my sister's system (hostname "linux") and my system
> (hostname "faye") follows.
>
> Thanks,
> John Schutter
>
>
> Network info for my sister's system ("linux"):
>
>
> /etc/hosts
> **********
> #
> # hosts This file describes a number of hostname-to-address
> # mappings for the TCP/IP subsystem. It is mostly
> # used at boot time, when no name servers are running.
> # On small systems, this file can be used instead of a
> # "named" name server.
> # Syntax:
> #
> # IP-Address Full-Qualified-Hostname Short-Hostname
> #
>
> 127.0.0.1 localhost
>
> # special IPv6 addresses
> ::1 localhost ipv6-localhost ipv6-loopback
>
> fe00::0 ipv6-localnet
>
> ff00::0 ipv6-mcastprefix
> ff02::1 ipv6-allnodes
> ff02::2 ipv6-allrouters
> ff02::3 ipv6-allhosts
> 127.0.0.2 linux.acsalaska.net linux
> _____________
>
> # netstat -in
> *************
> Kernel Interface table
> Iface   MTU Met  RX-OK RX-ERR RX-DRP RX-OVR  TX-OK TX-ERR TX-DRP TX-OVR Flg
> dsl0   1492   0     62      0      0      0     72      0      0      0 MOPRU
> eth0   1500   0    565      0      0      0     90      0      0      0 BMNRU
> lo    16436   0     50      0      0      0     50      0      0      0 LRU
> _____________
>
> # netstat -rn
> *************
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags MSS Window irtt Iface
> 66.230.103.254  0.0.0.0         255.255.255.255 UH      0 0         0 dsl0
> 127.0.0.0       0.0.0.0         255.0.0.0       U       0 0         0 lo
> 0.0.0.0         66.230.103.254  0.0.0.0         UG      0 0         0 dsl0
> _______________
>
> # ifconfig
> ***************
> dsl0 Link encap:Point-to-Point Protocol
> inet addr:66.230.103.102 P-t-P:66.230.103.254 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
> RX packets:62 errors:0 dropped:0 overruns:0 frame:0
> TX packets:72 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:3
> RX bytes:7186 (7.0 Kb) TX bytes:3822 (3.7 Kb)
>
> eth0 Link encap:Ethernet HWaddr 00:48:54:65:40:C2
> inet6 addr: fe80::248:54ff:fe65:40c2/64 Scope:Link
> UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:565 errors:0 dropped:0 overruns:0 frame:0
> TX packets:90 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:84978 (82.9 Kb) TX bytes:11829 (11.5 Kb)
> Interrupt:169 Base address:0xe000
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:50 errors:0 dropped:0 overruns:0 frame:0
> TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:3260 (3.1 Kb) TX bytes:3260 (3.1 Kb)
>
> _______________
>
> # ifstatus eth0
> ***************
> eth0 device: Realtek Semiconductor Co., Ltd.
> RTL-8139/8139C/8139C+ (rev 10)
> eth0 configuration: eth-id-00:48:54:65:40:c2
> eth0 dhcpcd is still waiting for data
> eth0 is up
> 2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast
> qlen 1000
> link/ether 00:48:54:65:40:c2 brd ff:ff:ff:ff:ff:ff
> inet6 fe80::248:54ff:fe65:40c2/64 scope link
> valid_lft forever preferred_lft forever
> Configured routes for interface eth0:
> 169.254.0.0 - 255.255.0.0 eth0
> 0 of 1 configured routes for interface eth0 up
> _______________
>
> # ifstatus dsl0
> ***************
> dsl0
> interface dsl0 is up
> _______________
>
>
>
>
> Network info for my system ("faye"):
>
> /etc/hosts
> **********
> #
> # hosts This file describes a number of hostname-to-address
> # mappings for the TCP/IP subsystem. It is mostly
> # used at boot time, when no name servers are running.
> # On small systems, this file can be used instead of a
> # "named" name server.
> # Syntax:
> #
> # IP-Address Full-Qualified-Hostname Short-Hostname
> #
>
> 127.0.0.1 localhost
>
> # special IPv6 addresses
> ::1 localhost ipv6-localhost ipv6-loopback
>
> fe00::0 ipv6-localnet
>
> ff00::0 ipv6-mcastprefix
> ff02::1 ipv6-allnodes
> ff02::2 ipv6-allrouters
> ff02::3 ipv6-allhosts
> 127.0.0.2 faye.lawrence.ks.us faye
> _____________
>
> # netstat -in
> *************
> Kernel Interface table
> Iface   MTU Met  RX-OK RX-ERR RX-DRP RX-OVR  TX-OK TX-ERR TX-DRP TX-OVR Flg
> eth0   1500   0 766416      0      0      0     19      0      0      0 BMNRU
> lo    16436   0  11752      0      0      0  11752      0      0      0 LRU
> _____________
>
> # netstat -rn
> *************
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags MSS Window irtt Iface
> 24.124.88.0     0.0.0.0         255.255.252.0   U       0 0         0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U       0 0         0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U       0 0         0 lo
> 0.0.0.0         24.124.91.254   0.0.0.0         UG      0 0         0 eth0
> _______________
>
> # ifconfig
> ***************
> eth0 Link encap:Ethernet HWaddr 00:13:D4:21:76:E9
> inet addr:24.124.90.235 Bcast:24.124.91.255 Mask:255.255.252.0
> inet6 addr: fe80::213:d4ff:fe21:76e9/64 Scope:Link
> UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:766416 errors:0 dropped:0 overruns:0 frame:0
> TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:538104381 (513.1 Mb) TX bytes:2224 (2.1 Kb)
> Interrupt:201 Memory:f9c00000-0
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:11752 errors:0 dropped:0 overruns:0 frame:0
> TX packets:11752 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:1729726 (1.6 Mb) TX bytes:1729726 (1.6 Mb)
>
> _______________
>
> # ifstatus eth0
> ***************
> eth0 device: Marvell Technology Group Ltd. Gigabit Ethernet
> Controller (rev 13)
> eth0 configuration: eth-id-00:13:d4:21:76:e9
> eth0 DHCP client (dhcpcd) is running
> IPADDR=24.124.90.235
> NETMASK=255.255.252.0
> GATEWAY=24.124.91.254
> DOMAIN='lawrence.ks.us'
> DNS=24.124.0.193,24.124.0.194,24.124.0.1
> DHCPSIADDR=24.124.0.253
> DHCPCHADDR=00:13:D4:21:76:E9
> REBINDTIME=9450
> eth0 is up
> 3: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast
> qlen 1000
> link/ether 00:13:d4:21:76:e9 brd ff:ff:ff:ff:ff:ff
> inet 24.124.90.235/22 brd 24.124.91.255 scope global eth0
> inet6 fe80::213:d4ff:fe21:76e9/64 scope link
> valid_lft forever preferred_lft forever
> eth0 IP address: 24.124.90.235/22
> Configured routes for interface eth0:
> 169.254.0.0 - 255.255.0.0 eth0
> Active routes for interface eth0:
> 24.124.88.0/22 proto kernel scope link src 24.124.90.235
> 169.254.0.0/16 scope link
> default via 24.124.91.254
> 1 of 1 configured routes for interface eth0 up
> _______________
>
>
>
> --
> Lee Ross
> Anchorage, AK
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>
Received on Mon Jul 3 10:49:00 2006
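
One way to read the requested `iptables-save` dump once it arrives, as an added example that is not part of the original thread: it reports the filter table's INPUT default policy and whether any rule explicitly accepts TCP to a given port. The function names and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise what an iptables-save dump says about inbound TCP
# to one port. Function names and the sample ruleset are constructed.

# Write a constructed sample dump: default-drop INPUT, replies to locally
# initiated connections allowed, no rule for sshd.
write_sample_dump() {
    cat > "$1" <<'EOF'
# constructed sample, not output from the system in this thread
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# check_inbound DUMP PORT -> "policy=<INPUT policy> accept=<yes|no>"
check_inbound() {
    awk -v port="$2" '
        BEGIN { policy = "unknown"; accept = "no" }
        /^\*/ { table = substr($1, 2) }      # "*filter" opens a table section
        table != "filter" { next }           # only the filter table is examined
        /^:INPUT / { policy = $2 }           # ":INPUT DROP [0:0]" is the default policy
        /^-A / && / -p tcp / && $0 ~ ("--dport " port "( |$)") {
            for (i = 1; i < NF; i++)
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = "yes"
        }
        END { printf "policy=%s accept=%s\n", policy, accept }
    ' "$1"
}

# Demo on the constructed sample; on a real host pass /tmp/iptables.dump.
dump=$(mktemp)
write_sample_dump "$dump"
check_inbound "$dump" 22      # policy=DROP accept=no
check_inbound "$dump" 1004
rm -f "$dump"
```

A result of `policy=DROP accept=no` would be consistent with the symptom described in the thread, where outbound ssh works and inbound attempts get no response. The check matches literal `--dport` rules only, not multiport lists or port ranges, and does not evaluate rule order.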

This archive was generated by hypermail 2.1.8 : Mon Jul 03 2006 - 10:49:00 AKDT