Re: Network accessibility problem

["Andreas P. Koenzen" <acoello@pla.net.py>]

gerardo juarez-mondragon wrote:
> I have a Fedora Core 2 server running in a
> network behind a firewall. I need access to ports
> 22 and 80 from outside but the firewall
> administration is not under my control. I have
> requested this access to be opened and the
> administrator says it is already open, yet I
> still cannot access it from outside.
>
> I have run a few tests and this is what I found:
>
> (Filtering tables are flushed with iptables -F,
> on the server, prior to the tests)
>
> I can ping to/from it from/to any place, whether
> it is inside or outside the office.
>
> I can ssh to it from any place *inside*, but not
>  from outside. A ssh -v from a computer outside
> succeeds up to the "entering event loop" message
> (which means it has presumably connected but the
> dialog does not proceed beyond this point).
> Viceversa, attempting a ssh session past the
> firewall results in an instantaneous 'Connection
> refused' message. The same connection from
> another computer succeeds, proving a ssh server
> was indeed running at the other end.
>
> telneting to port 80 produces this result:
>
> Trying 207.284.xxx.yyy...
> Connected to 207.248.xxx.yyy.
> Escape character is '^]'.
>
> when attempted from the (outside) ip authorized
> to access the computer. Any other ip just gets to
> the 'Trying...' line. This is correct and what
> should be happening, yet a browser reports
> 'request sent' and proceeds no further when
> pointed to the address. (The Apache installation
> index page should be displayed).
>
> The administrator argues that some 'service'
> within my server is blocking packets, but I don't
> know that SSH can be configured to restrict
> access to specific ip segments. It can restrict
> access to *accounts*. Nor that there is such a
> service, except the firewall, whose tables I have
> already flushed.
>
> Am I missing something? What other tests do you
> suggest?
>
> Thanks,
> Gerardo
>
>
>
>
> Searching for the best free email?  Try MetaCrawler Mail, from the #1 metasearch service on the Web, http://www.metacrawler.com
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
>   
Hello Gerardo...  
The problem that you are experience it's coming from the Servers' 
Iptables Rules, you really should check with your server Admin. Maybe 
the port 22 and 80 are block from connections coming from an IP outside 
the range of your local network. If you can log into a the server from 
within the network and not from outside it is probably a rule from 
Iptables blocking outside connections.

Saludos   
AKC