Trouble with sshd and other services from external ip

Discussion in 'Server Operation' started by pags, Dec 28, 2007.

  1. pags

    pags New Member

    I have the same problem as Sword has mentioned.http://www.howtoforge.com/forums/showthread.php?p=99933
    I have a dlink dsl g604t and i have put 10.1.1.100(Fedora 8 box) into the DMZ.

    I can ssh fine from the lan but if i try from an external ip i get access denied.

    hosts.deny is an empty file
    Fedora firewall has been disabled via system-config-firewall
    SELinux has been disabled via /etc/selinux/config & SELINUX=disabled

    This is my netstat -tap

    [root@pluto etc]# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:netbios-ssn *:* LISTEN 1827/smbd
    tcp 0 0 pluto:9775 *:* LISTEN 16409/eggdrop
    tcp 0 0 *:sunrpc *:* LISTEN 1525/rpcbind
    tcp 0 0 pluto:domain *:* LISTEN 1667/named
    tcp 0 0 *:37909 *:* LISTEN 1544/rpc.statd
    tcp 0 0 pluto:ipp *:* LISTEN 1911/cupsd
    tcp 0 0 pluto:6040 *:* LISTEN 16907/psybnc
    tcp 0 0 pluto:rndc *:* LISTEN 1667/named
    tcp 0 0 *:microsoft-ds *:* LISTEN 1827/smbd
    LISTEN 1667/named
    tcp 0 0 *:ssh *:* LISTEN 1730/sshd
    tcp 0 0 localhost6.localdomain:rndc *:* LISTEN 1667/named
    tcp 0 0 pluto:ssh ::ffff:10.1.1.2:53073 ESTABLISHED 17776/2
    tcp 0 0 pluto:ssh ::ffff:10.1.1.2:52753 ESTABLISHED 16961/sshd: pags [p
    tcp 0 0 pluto:ssh ::ffff:10.1.1.2:51681 ESTABLISHED 2051/sshd: pags [pr

    anyone have an idear of what im missing?

    Cheers and thanks
     
    pags, Dec 28, 2007
    #1
  2. pags

    pags New Member

    Perhaps the router is the problem here ?
    So now im sure this is an issue caused by the DSL-G604T, i can see my ssh connection attempts to fedora in the routers logs

    12:03:12> login attempt for nonexistant user 'pags' from (null)
    12:20:38> login attempt for nonexistant user 'pags' from (null)
    13:08:11> bad password attempt for 'root' from (null)
     
    pags, Dec 28, 2007
    #2
  3. falko

    falko Super Moderator Howtoforge Staff

    Are you absolutely sure your server is in the DMZ? Have you tried to restart the router?
     
    falko, Dec 28, 2007
    #3
  4. pags

    pags New Member

    im 100% sure the g604t has the linux box in the dmz, tho i now think its the g604t's problem, reading around it seams alot of people have lots of troubles with this adsl modem.
     
    pags, Dec 28, 2007
    #4
  5. falko

    falko Super Moderator Howtoforge Staff

    Have you tried to restart it?
     
    falko, Dec 29, 2007
    #5
  6. brainz

    brainz Member

    Hi,

    If you want ssh access to the internal server running sshd..

    I think the way to do this is to setup a VPN passthrough to a terminal server inside the network... Then using something like putty shh to the linux box running sshd.

    Its not the most practical solution... But it works... Also it is slighly more secure hence the the encrypted VPN tunnel...

    Also this router does not support local loopback...
    Also i think putting the server in or out of the DMZ really does not work..

    regards
    brainz ;)
     
    brainz, Aug 28, 2009
    #6

Share This Page