gerardo juarez-mondragon wrote:
I have a Fedora Core 2 server running in a network behind a firewall. I need access to ports 22 and 80 from outside, but the firewall administration is not under my control. I have requested this access to be opened and the administrator says it is already open, yet I still cannot access it from outside. I have run a few tests and this is what I found:

(Filtering tables are flushed with iptables -F, on the server, prior to the tests)

I can ping to/from it from/to any place, whether it is inside or outside the office.

I can ssh to it from any place *inside*, but not from outside. An ssh -v from a computer outside succeeds up to the "entering event loop" message (which means it has presumably connected but the dialog does not proceed beyond this point). Vice versa, attempting an ssh session past the firewall results in an instantaneous 'Connection refused' message. The same connection from another computer succeeds, proving an ssh server was indeed running at the other end.

Telnetting to port 80 produces this result:

    Trying 207.284.xxx.yyy...
    Connected to 207.248.xxx.yyy.
    Escape character is '^]'.

when attempted from the (outside) IP authorized to access the computer. Any other IP just gets to the 'Trying...' line. This is correct and what should be happening, yet a browser reports 'request sent' and proceeds no further when pointed to the address. (The Apache installation index page should be displayed).

The administrator argues that some 'service' within my server is blocking packets, but I don't know that SSH can be configured to restrict access to specific IP segments. It can restrict access to *accounts*. Nor that there is such a service, except the firewall, whose tables I have already flushed.

Am I missing something? What other tests do you suggest?

Thanks,
Gerardo

Dear Gerardo:

You mention only trying one port (ssh:22) from the 'outside' and that the ssh attempt failed. You did not mention that the 'Fedora Core 2 server' (FC2S) has a routable IP address. What ports of the FC2S are reachable from the outside?

HTH,
Chuck