Re: possible problem with scp/ssh/telnet --- additional info

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 8/11/2012 11:59 PM, Paul Allen Newell wrote:

Hello:
Up until recently, I have been able to scp/ssh from my F16 box to my WinXP under cygwin without problem. Today, it appears that isn't the case.
Last "yum update" was 29jul12. Cygwin hasn't changed in months (once I have something that works I am loathe to update as I don't really get it well enough to ride a more bleeding edge)
I can ping both ways but can only scp/ssh from cygwin to F16 (though I don't use it, I tested telnet and got the same results). I swapped in my "log all problems" version of iptables on the F16 box and can see that it is logging errors and I see the following: 

+++
Aug 11 23:43:43 yoyo kernel: [ 779.725071] <IPTABLES: LOG REJECT> IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:8c:c3:21:d6:08:00 SRC=192.168.2.14 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=33554 PROTO=UDP SPT=138 DPT=138 LEN=209 Aug 11 23:43:48 yoyo kernel: [ 785.386501] <IPTABLES: LOG REJECT> IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:8c:c3:21:d6:08:00 SRC=192.168.2.14 DST=192.168.2.255 LEN=234 TOS=0x00 PREC=0x00 TTL=128 ID=33555 PROTO=UDP SPT=138 DPT=138 LEN=214 
+++
I did a google but this information is pretty much Greek to me so I didn't find anything because I didn't understand how to find something
My big question is "any suggestions?" There is a second minor issue about is there a way to force iptables to immediately flush a message to the log file as I had to wait about 10 minutes to get something. 

Thank in advance,
Paul
Of course, after sending this I realized that it might be helpful if I sent a copy of my iptables, sorry for not having that thought before I sent the initial email (groan) 

+++
[root@yoyo ~]# more /etc/sysconfig/iptables
# Generated by iptables-save v1.4.12 on Sat Aug 11 23:29:10 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 192.168.2.0/24 -p udp -m state --state NEW -m udp --
dport 631
-A INPUT -s 127.0.0.1/32 -d 192.168.2.0/24 -p tcp -m state --state NEW -m tcp --
dport 631
-A INPUT -j LOG --log-prefix "<IPTABLES: LOG REJECT> "
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Aug 11 23:29:10 2012
[root@yoyo ~]#
+++



--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux