linux-admin.vger.kernel.org archive mirror
From: chuck gelm <chuck@gelm.net>
To: gerardo juarez-mondragon <gjuarezmondragon@metacrawler.com>
Cc: linux-admin@vger.kernel.org
Subject: Re: Network accessibility problem
Date: Fri, 07 Apr 2006 11:18:31 +0000
Message-ID: <44364A87.6010808@gelm.net>
In-Reply-To: <0AE15BC76B45A2544A679DA133285E53@gjuarezmondragon.metacrawler.com>

gerardo juarez-mondragon wrote:

>I have a Fedora Core 2 server running in a
>network behind a firewall. I need access to ports
>22 and 80 from outside but the firewall
>administration is not under my control. I have
>requested this access to be opened and the
>administrator says it is already open, yet I
>still cannot access it from outside.
>
>I have run a few tests and this is what I found:
>
>(Filtering tables are flushed with iptables -F,
>on the server, prior to the tests)
>
>I can ping to/from it from/to any place, whether
>it is inside or outside the office.
>
>I can ssh to it from any place *inside*, but not
>from outside. A ssh -v from a computer outside
>succeeds up to the "entering event loop" message
>(which means it has presumably connected but the
>dialog does not proceed beyond this point).
>Vice versa, attempting a ssh session past the
>firewall results in an instantaneous 'Connection
>refused' message. The same connection from
>another computer succeeds, proving a ssh server
>was indeed running at the other end.
>
>telnetting to port 80 produces this result:
>
>Trying 207.284.xxx.yyy...
>Connected to 207.248.xxx.yyy.
>Escape character is '^]'.
>
>when attempted from the (outside) IP authorized
>to access the computer. Any other IP just gets to
>the 'Trying...' line. This is correct and what
>should be happening, yet a browser reports
>'request sent' and proceeds no further when
>pointed to the address. (The Apache installation
>index page should be displayed).
>
>The administrator argues that some 'service'
>within my server is blocking packets, but I don't
>know that SSH can be configured to restrict
>access to specific IP segments. It can restrict
>access to *accounts*. Nor that there is such a
>service, except the firewall, whose tables I have
>already flushed.
>
>Am I missing something? What other tests do you
>suggest?
>
>Thanks,
>Gerardo

Dear Gerardo:

 You mention only trying one port (ssh:22) from the 'outside'
and that the ssh attempt failed.

 You did not mention that the 'Fedora Core 2 server' (FC2S)
has a routable IP address.  What ports of the FC2S are
reachable from the outside?

HTH, Chuck
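
One way to answer the reachability question for ports 22 and 80, added here as an example that is not part of the original message: run it once from an inside host and once from the authorized outside host and compare the results. The names `probe` and `check_server` are hypothetical, and the HTTP request line is an assumption about what the web server will answer.

```python
import socket
import sys

def probe(host, port, timeout=3.0, send=None):
    """Classify one TCP port as seen from where this script runs.

    refused  - a reset came back: nothing listening, or a device rejecting
    filtered - no reply to the connection attempt within `timeout`
    closed   - handshake completed, then the peer hung up without data
    silent   - handshake completed, but no application data arrived
    data     - handshake completed and the service answered
    """
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", b"")
    except socket.timeout:
        return ("filtered", b"")
    except OSError as exc:
        return ("error: %s" % exc, b"")
    with s:
        try:
            if send:
                s.sendall(send)
            data = s.recv(256)
        except socket.timeout:
            return ("silent", b"")
        except OSError:
            return ("closed", b"")
    return ("data", data) if data else ("closed", b"")

def check_server(host, timeout=3.0):
    """Probe the two ports from the thread; sshd sends its banner unprompted."""
    return {
        22: probe(host, 22, timeout),
        80: probe(host, 80, timeout, b"HEAD / HTTP/1.0\r\n\r\n"),
    }

if __name__ == "__main__":
    # Default target is loopback so the script runs offline.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, (state, data) in sorted(check_server(target).items()):
        print("%s:%d %-8s %r" % (target, port, state, data[:60]))
```

A port that reports `data` from inside but `silent` from outside has a working service and a completed handshake, so the difference lies on the path or in a source-based rule rather than in the service being down.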

