Accessing A Fedora 7 Box FROM The Net

Chris Tyler chris at tylers.info
Tue May 5 12:34:10 UTC 2009


On Tue, 2009-05-05 at 08:07 -0400, Admin at AnythingGoes wrote:
> Hello Fedora-list,
> 
> I have a F7 server that has been working perfectly as far as getting
> people out into the net.
> 
> But recently, I have needed the capability to access the server FROM
> the net.
> 
> I can ping the server, but I cannot SSH in, FTP in or WEB BROWSE in.
> All the appropriate servers are running and are easily accessed from
> within the 192.168.1.x subnet..
> 
> I don't have a router in place between the box and the Net. I am
> using a DSL Modem in Dumb/Bridge mode. The Fedora 7 handles the
> connection and authentication and acts as a
> Gateway/Router/Firewall to the rest of the 192.168.1.x subnet.
> 
> Another point is I DO have a firewall in play (FireStarter) but I have
> set a rule so that the IP of the test machine is cleared to come in on
> all ports. I have also completely shut down FireStarter and I still
> couldn't access the Server.  IPtables is also shut down completely,
> so that's not interfering with the connection.
> 
> I am sure it's something grossly simple that I am missing.
> Any help would be most appreciated.

Some possible diagnostic suggestions:

- "netstat -a" will show you which servers are listening, on which
interfaces and on which ports. You can use this to confirm that your ssh
daemon is listening to the external interface as well as the internal
one.

- "iptables -L" will show you your current iptables configuration. If
the firewall is truly disabled, you should see something like:

  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination         

  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination         

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination         

If you see otherwise, and assuming that the default policy is ACCEPT (as
shown above: "(policy ACCEPT)"), then you can flush the rules with
"iptables -F" (Warning: flushing the rules with another default policy
will result in no packets getting through!).

- Review your ssh daemon configuration in /etc/ssh/sshd_config

- From the remote machine, test which ports (if any) are listening on
the F7 host using a tool such as 'nmap'. If netstat shows that the port
is listening, and iptables shows that it's not being blocked locally, it
may be that the ISP is blocking access. In that case, consider adding an
additional listening port (e.g., 222 or 2222) to the ssh configuration,
and accessing via that (ssh -p 222 foo@bar).

--
Chris
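
The netstat and iptables checks from the reply above, as an added example that is not part of the original post: one function reports whether a port is bound to every interface or only to specific addresses, the other refuses to recommend "iptables -F" unless every default policy is ACCEPT. The function names are hypothetical, the sample data is constructed, and numeric output (netstat -tln, iptables -L -n) is assumed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample data is constructed.
# Live use (as root):  netstat -tln | listen_scope 22
#                      iptables -L -n | flush_is_safe && iptables -F

# listen_scope PORT: classify the TCP listener on PORT from `netstat -tln`
# output on stdin: all (0.0.0.0 or ::), specific <addrs>, local, or none.
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") all = 1
            else if (addr ~ /^127\./ || addr == "::1") lo = 1
            else list = list " " addr
        }
        END {
            if (all) print "all"
            else if (list != "") print "specific" list
            else if (lo) print "local"
            else print "none"
        }'
}

# flush_is_safe: read `iptables -L` output on stdin. Succeeds only when
# every built-in chain has policy ACCEPT; otherwise prints the chains whose
# policy would be all that remains after `iptables -F`, and fails.
flush_is_safe() {
    awk '
        $1 == "Chain" && $3 == "(policy" {
            seen = 1
            pol = $4
            sub(/\)$/, "", pol)
            if (pol != "ACCEPT") { bad = 1; print $2 " policy " pol }
        }
        END { exit (bad || !seen) }'
}

# Constructed sample: sshd bound to the LAN address only, INPUT policy DROP.
SAMPLE_NETSTAT='tcp        0      0 192.168.1.1:22          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN'
SAMPLE_IPTABLES='Chain INPUT (policy DROP)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)'

echo "ssh:  $(printf '%s\n' "$SAMPLE_NETSTAT" | listen_scope 22)"
echo "http: $(printf '%s\n' "$SAMPLE_NETSTAT" | listen_scope 80)"
printf '%s\n' "$SAMPLE_IPTABLES" | flush_is_safe || echo "do not flush"
```

A result of "specific 192.168.1.1" for port 22 means the daemon is not listening on the external interface, which is the case the sshd_config review is meant to catch.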



