> I have a Fedora Core 2 server running in a
> network behind a firewall. I need access to ports
> 22 and 80 from outside but the firewall
> administration is not under my control. I have
> requested this access to be opened and the
> administrator says it is already open, yet I
> still cannot access it from outside.
>
> I have run a few tests and this is what I found:
>
> (Filtering tables are flushed with iptables -F,
> on the server, prior to the tests)
>
> I can ping to/from it from/to any place, whether
> it is inside or outside the office.
>
> I can ssh to it from any place *inside*, but not
> from outside. A ssh -v from a computer outside
> succeeds up to the "entering event loop" message
> (which means it has presumably connected but the
> dialog does not proceed beyond this point).
> Vice versa, attempting a ssh session past the
> firewall results in an instantaneous 'Connection
> refused' message. The same connection from
> another computer succeeds, proving a ssh server
> was indeed running at the other end.
>
> Telnetting to port 80 produces this result:
>
> Trying 207.284.xxx.yyy...
> Connected to 207.248.xxx.yyy.
> Escape character is '^]'.
>
> when attempted from the (outside) ip authorized
> to access the computer. Any other ip just gets to
> the 'Trying...' line. This is correct and what
> should be happening, yet a browser reports
> 'request sent' and proceeds no further when
> pointed to the address. (The Apache installation
> index page should be displayed).
>
> The administrator argues that some 'service'
> within my server is blocking packets, but I don't
> know that SSH can be configured to restrict
> access to specific ip segments. It can restrict
> access to *accounts*. Nor that there is such a
> service, except the firewall, whose tables I have
> already flushed.
>
> Am I missing something? What other tests do you
> suggest?
>
> Thanks,
> Gerardo

Hi,

I am not very good at this (still learning), but I was thinking that maybe you could use traceroute to see what is the last machine that you can reach outside of your server network. If I am not mistaken, you can specify a port to traceroute. However, I think that the problem is the firewall (maybe an error of the admin?), since your machine accepts incoming requests.
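
The traceroute check suggested in the reply above, as an added example that is not part of the original thread: it reads numeric traceroute output and reports the last hop that answered and whether that hop is the target. The function names, the sample output and its addresses are constructed for illustration, and `trace_port` assumes a traceroute that supports TCP probes (`-T`) with `-p PORT`.

```shell
#!/bin/sh
# Constructed sample output (documentation addresses), not from the thread.
HDR='traceroute to 192.0.2.10 (192.0.2.10), 30 hops max, 60 byte packets'
HOPS=' 1  10.0.0.1  0.512 ms  0.498 ms  0.471 ms
 2  198.51.100.1  8.1 ms  8.0 ms  7.9 ms
 3  * 203.0.113.5  12.1 ms  12.4 ms'
SAMPLE_BLOCKED="$HDR
$HOPS
 4  * * *
 5  * * *"
SAMPLE_OPEN="$HDR
$HOPS
 4  192.0.2.10  13.0 ms  12.8 ms  12.9 ms"

# Assumption: the modern Linux traceroute, where -T sends TCP SYN probes
# to the port given with -p (normally needs root). Not called below.
trace_port() {   # $1 = host, $2 = TCP port
    traceroute -n -T -p "$2" "$1"
}

# Read `traceroute -n` output on stdin and print "HOP ADDRESS" for the
# last hop that answered at least one probe. Prints "none" and returns 1
# when no hop answered.
last_responding_hop() {
    awk '
        $1 ~ /^[0-9]+$/ {
            # A hop line: the first field that is not "*" is the address.
            for (i = 2; i <= NF; i++)
                if ($i != "*") { hop = $1; addr = $i; break }
        }
        END {
            if (hop == "") { print "none"; exit 1 }
            print hop, addr
        }'
}

# $1 = target address; traceroute -n output on stdin.
path_verdict() {
    if last=$(last_responding_hop); then
        set -- "$1" $last          # now $2 = hop number, $3 = address
        if [ "$3" = "$1" ]; then
            echo "reached target at hop $2"
        else
            echo "last answer from hop $2 ($3); target $1 not reached"
        fi
    else
        echo "no hop answered"
    fi
}

printf '%s\n' "$SAMPLE_BLOCKED" | path_verdict 192.0.2.10
printf '%s\n' "$SAMPLE_OPEN" | path_verdict 192.0.2.10
```

On a live system the same verdict comes from `trace_port HOST 22 | path_verdict ADDRESS`, run once from the authorized outside address and once from inside for comparison.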