iptables (Re: Connection Refused on ssh)

John J. Boyer director at chpi.org
Fri Oct 8 19:18:20 UTC 2004


Janina,

Yes, sshd is definitely running. I've restarted it several times after 
making changes. Nmap doesn't show anything interesting. Now I'll try 
stopping iptables and see what happens.

John


On Fri, 8 Oct 2004, Janina Sajka wrote:

> Yes, but you still haven't shown us anything that confirms whether (or
> not) sshd is actually running.
> 
> I've suggested nmap (which is installed with a Fedora or Redhat
> "everything" install). Others have suggested more primitive strategies,
> such as looking for pidof sshd, or telnet [address] 22, which also
> works.
> 
> Is there actually an sshd listening at that machine's address, whatever
> it happens to be?
> 
> PS: To get iptables out of the way (certainly an important thing when
> debugging) do:
> 
> service iptables stop
> 
> John J. Boyer writes:
> > John,
> > 
> > I really think the problem may be with iptables. We've eliminated just
> > about everything else. However, there is no man page for netconfig, and
> > when I tried running it, I wasn't sure what to do. Really, all I need is
> > to let one IP address use ssh. There is a man page for iptables, but it
> > looks so complicated that I wouldn't want to mess with it unless I knew
> > exactly what I was doing.
> > 
> > Thanks,
> > John
> > 
> > 
> > On Fri, 8 Oct 2004, John Heim wrote:
> > 
> > > At 11:22 AM 10/7/2004, Mike Gorse you wrote:
> > > >Also, are you sure that sshd is running on the machine (ie, pidof sshd 
> > > >returns something)?  If so, then try using ipchains or iptables to make 
> > > >sure it isn't being firewalled.  At one point we had a RH box at work on 
> > > >which I was trying to enable ssh, but the person who installed rh had 
> > > >selected an option for a firewall, so I wound up needing to edit a file in 
> > > >/etc/sysconfig (the file did say that manually editing it was not 
> > > >recommended, but it didn't say how I was supposed to edit it if not 
> > > >manually) to tell it to accept connections on port 22 as it did for 23 and 
> > > >others.
> > > 
> > > 
> > > You can run netconfig. It would allow you to allow ssh connections through 
> > > your firewall. When you exit, it saves its settings in 
> > > /etc/sysconfig/iptables. That file is the one that says you shouldn't edit 
> > > it manually.
> > > 
> > > That netconfig program is pretty limited in what it can do. And the file 
> > > it creates has the same format as iptables-save.  So what you can do is 
> > > issue iptables commands until you've got your firewall configured just the 
> > > way you want it, then do this:
> > > 
> > > $ iptables-save > /etc/sysconfig/iptables
> > > 
> > > The next time you reboot, your firewall will be just like it was when you 
> > > issued the above command.
> > > 
> > > 
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > Blinux-list mailing list
> > > Blinux-list at redhat.com
> > > https://www.redhat.com/mailman/listinfo/blinux-list
> > > 
> > 
> > -- 
> > John J. Boyer; Executive Director, Chief Software Developer
> > Computers to Help People, Inc.
> > http://www.chpi.org
> > 825 East Johnson; Madison, WI 53703
> > 
> > 
> 
> 

-- 
John J. Boyer; Executive Director, Chief Software Developer
Computers to Help People, Inc.
http://www.chpi.org
825 East Johnson; Madison, WI 53703
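
The goal stated in the thread (let one IP address use ssh) combined with the iptables-save file format John Heim mentions, as an added example that is not part of the original messages. The function names, the default-DROP INPUT policy and the documentation address 192.0.2.10 are assumptions; a file generated by your distribution may use different chain names.

```shell
#!/bin/sh
# Added example: emit a ruleset in iptables-save format that admits new ssh
# connections (tcp/22) from exactly one IPv4 address and drops other inbound
# traffic. Nothing is loaded into the kernel; the output is only text.

is_ipv4() {
    # Reject anything that is not four dot-separated octets in 0-255, so a
    # malformed or hostile argument never reaches the rules file.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

ssh_allow_ruleset() {
    # $1: the single address allowed to reach sshd (hypothetical parameter).
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1/32 -p tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# When run with an address argument, print the ruleset for review.
# Check it with "iptables-restore --test < file" before installing it as
# /etc/sysconfig/iptables, and keep a console session open while testing:
# the DROP policy cuts off every other inbound connection.
if [ "$#" -gt 0 ]; then
    ssh_allow_ruleset "$1"
fi
```

The loopback and ESTABLISHED,RELATED rules keep local services and replies to the machine's own outbound connections working under the DROP policy.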




