Ping & sshd works, ssh does not. Iptables port closed?

siegfried · #1 27th August 2012, 06:44 AM

I'm using virtual box 4.1.20 on a windows 7 host and fedora 17 guest. Windows can ping fedora and fedora can ping windows.

sshd is running on fedora because I "ssh 127.0.0.1" works. However, cygwin ssh on windows times out.

I've been experiment with different network adapaters and discovered that if I use the "NAT" adapter, I can "yum install emacs" and that worked.

So, I think I need to open up port 22 for ssh to get in. Can someone give me the commands to open the ssh port (22 I think?) so I can use ssh to transfer files?

I tried using samba, but I'm guess that does not work for the same reason.

I think I need to run some iptables command... Can someone guide me please?

Thanks
Siegfried

stevea · #2 27th August 2012, 07:51 AM

Use the gui tool. system-config-firewall
The check the sshd server port 22 tcp tag and hit the 'apply' button or whatever it's called.

siegfried · #3 27th August 2012, 07:58 PM

Thanks. Port 22 is already checked in the gui tool you mentioned and cygwin ssh still says the same thing: "ssh: connect to host 192.168.1.119 port 22: Connection time out".

I can ping both ways....

What could be wrong? Why is cygwin ssh timing out?

What else can I check?

:ssh siegfried@192.168.1.119" from the fedora guest to itself works fine!

Arggghhh! this is fustrating!

Thanks for the prompt responses so far!

Siegfried

PabloTwo · #4 27th August 2012, 08:26 PM

When I setup ssh/sshd on my F16 laptop so I could ssh into it from my dekstop pc, besides allowing port 22 in the firewall on the laptop, I discovered I also had to "allow" the network device on that port (for that network service actually) before I could connect to the laptop. In the case of my laptop, connected via wireless, that was network device em2. I configured that via the console based firewall (system-config-firewall-tui). I don't know where in the GUI firewall config app you do that.

---------- Post added at 03:26 PM ---------- Previous post was at 03:09 PM ----------

Here's what the firewall config file looks like on my laptop after setting both the wired and wireless LAN ports to "trusted" via the console firewall configuration utility.

Code:

[paul@CarCrusher ~]$ sudo cat /etc/sysconfig/system-config-firewall
# Configuration file for system-config-firewall

--enabled
--trust=eth+
--trust=wlan+
--service=ssh

By default, no network device is trusted, so attempts to ssh into the machine are blocked, even though sshd is running and port 22 is open.

Bazu135 · #5 27th August 2012, 08:35 PM

I had a similar problem between two of my Fedora machines - everything else connected without issues, but one pair had problems, and only one way between them.

In the end, I got exasperated enough that I disabled the server machine's firewall completely, which allowed me to connect. After that, I signed out, re-enabled the firewall, and tried again - and it worked! Not sure what the issue was, but it's worked fine since

jpollard · #6 27th August 2012, 10:19 PM

Check the sshd configuration file /etc/ssh/sshd_config and make sure the entry for "ListenAddress" is 0.0.0.0.

That is the default, but if it got set to 127.0.0.1 then it will work for loopback, but not for anything else.

siegfried · #7 28th August 2012, 10:20 PM

Shucks! Same error from cygwin ssh client: timeout! I tried Pablo's suggestion and jpollard's suggestion. Now what? Can someone guide me in turning off the firewall completely as Bazu suggested?

Thanks!
Siegfried

Bazu135 · #8 28th August 2012, 11:08 PM

I just did it through the GUI (system-config-firewall) - there's a big red 'disable' button at the top

Doug G · #9 29th August 2012, 12:09 AM

I just checked that I could ssh from cygwin to another 192.168.0.x computer on my LAN. One probably dumb question, is your windows host IP on the same network as your virtual box fedora? With KVM anyway, unless you specifically set up a bridged network connection , the VM network isn't accessible from the host network.

siegfried · #10 29th August 2012, 09:23 PM

[/COLOR]

Quote:

Originally Posted by Bazu135

I just did it through the GUI (system-config-firewall) - there's a big red 'disable' button at the top

Yahoo! I clicked that big red button and scp finally worked! I'm sooooo happy!

So, I guess this proves that I have selected the correct adapter (bridge)? (I found the choice of network adapters a little less than obvious).

So I guess I'll enable the NAT adapter so I can get to the outside world too?

So does anyone have any more suggestions that could help me make this (scp/ssh) work with the firewall enabled? I'd like to know how to do that and I've taken all the other suggestions above.

I have not played with the wizard in the GUI. I wonder if that would do anything beyond what I've already done by clicking the check box for sshd?

Hmmm... Can anyone tell me what I should be seeing in the firewall config file after clicking the checkbox for sshd? Maybe I'm not saving the results of the GUI dialog correctly? Hmmm... Well I did run the GUI just now (prior to disabling the firewall) and I did see that sshd checkbox was still checked from yesterday so that makes me think it was saved correctly. Nevertheless: can someone post their firewall config file for which sshd works from the outside?

Thanks,
Siegfried