Incoming Connection Issues



ravensorrow
24th September 2010, 03:53 PM
I have an f13 installation on my laptop (BlackDragon). I can make any outgoing connection I want without a problem, including to other *nix boxes on my LAN. The problem is that I cannot connect to BlackDragon from any other computer.

Computers in question:
BlackDragon: Outgoing communication only (192.168.0.4/f13)
Ziggy: Bi-directional communication (192.168.0.3/FreeBSD 7.3)
Stewie: Bi-directional communication (192.168.0.2/Gentoo)
Leviathan: Bi-directional communication (192.168.0.6/Windows 7)


Firewall on f13 is off. No firewall implemented on other boxes. As far as I can tell, iptables is clean as well.


# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

[root@blackdragon ~]#


I would like to know why I cannot connect to my f13 laptop and how I can fix it?

ravensorrow
1st October 2010, 03:42 PM
*bump* Any ideas on this?

ShanxT
1st October 2010, 06:30 PM
Is SELinux running? You could check by running 'getenforce' as root.

ravensorrow
1st October 2010, 07:12 PM
[root@blackdragon ~]# getenforce
Disabled
[root@blackdragon ~]#

ShanxT
2nd October 2010, 05:35 AM
Ok, this is an interesting problem, I may not succeed, but I'll try to help:

1) Can you ping your router? If you can't, what's the error message you get? What's the router's ip?

2) Is your network 192.168.0.0/24? Ziggy seems to be on a 193 network.

3) Is it a static or dynamic configuration? In either case, post the content of '/etc/sysconfig/network-scripts/ifcfg-eth0'. (Replace 'eth0' with your network interface, if necessary.)

4) Check your '/var/log/messages' file on BlackDragon. Then run 'ping 192.168.0.4' and 'tracert 192.168.0.4' from stewie, post the first five results of those here, and also check if there's been any addition to '/var/log/messages'. If there has been, post that here too.

5) Post the uncommented portions of '/etc/hosts.allow' and '/etc/hosts.deny', if any.

6) I know you did this, but please check 'system-config-securitylevel' again to ensure the firewall and SELinux are disabled.

ravensorrow
2nd October 2010, 06:05 AM
1) Can you ping your router? If you can't, what's the error message you get? What's the router's ip?

Yes, Router is 192.168.0.1

[root@blackdragon ~]# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.955 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.788 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=0.795 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=64 time=1.02 ms
64 bytes from 192.168.0.1: icmp_seq=5 ttl=64 time=0.781 ms
^C
--- 192.168.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4215ms
rtt min/avg/max/mdev = 0.781/0.868/1.022/0.102 ms
[root@blackdragon ~]#


2) Is your network 192.168.0.0/24? Ziggy seems to be on a 193 network.

I typoed, I fixed my first post to put Ziggy back on the 192 network. Fat fingers and a tiny laptop keyboard. Mistakes abound!


3) Is it a static or dynamic configuration? In either case, post the content of '/etc/sysconfig/network-scripts/ifcfg-eth0'. (Replace 'eth0' with your network interface, if necessary.)

All IPs are static on my LAN except for my roommate's roaming laptop (his eth0 is static but wireless is not). I run a local live DNS server and all my IPs have a corresponding hostname.domain.tld schema for my LAN. DNS works fine. If needed, I can post successful hosts from the DNS server.


[root@blackdragon ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# nVidia Corporation MCP67 Ethernet
DEVICE=eth0
BOOTPROTO=none
DNS1=192.168.0.2
GATEWAY=192.168.0.1
HWADDR=00:1D:72:5B:F5:D6
IPADDR=192.168.0.4
NETMASK=255.255.255.255
ONBOOT=yes
TYPE=Ethernet
PREFIX=32
DOMAIN=xaerolimit.net
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
DNS2=4.2.2.1
NM_CONTROLLED=yes
USERCTL=no
[root@blackdragon ~]#




4) Check your '/var/log/messages' file on BlackDragon. Then run 'ping 192.168.0.4' and 'tracert 192.168.0.4' from stewie, post the first five results of those here, and also check if there's been any addition to '/var/log/messages'. If there has been, post that here too.



chris@stewie ~ $ ping 192.168.0.4
PING 192.168.0.4 (192.168.0.4) 56(84) bytes of data.
64 bytes from 192.168.0.4: icmp_req=1 ttl=63 time=1.46 ms
64 bytes from 192.168.0.4: icmp_req=2 ttl=63 time=0.725 ms
64 bytes from 192.168.0.4: icmp_req=3 ttl=63 time=0.725 ms
64 bytes from 192.168.0.4: icmp_req=4 ttl=63 time=0.557 ms
64 bytes from 192.168.0.4: icmp_req=5 ttl=63 time=0.714 ms
^C
--- 192.168.0.4 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.557/0.838/1.469/0.321 ms
chris@stewie ~ $




chris@stewie ~ $ sudo tracepath 192.168.0.4
Password:
1: stewie.xaerolimit.net 0.266ms pmtu 1500
1: blackdragon.xaerolimit.net 1.387ms reached
1: blackdragon.xaerolimit.net 1.145ms reached
Resume: pmtu 1500 hops 1 back 63
chris@stewie ~ $




[root@blackdragon ~]# tail -f /var/log/messages
Oct 1 23:39:44 blackdragon smartd[1613]: Device: /dev/sda [SAT], 1 Currently unreadable (pending) sectors
Oct 1 23:46:55 blackdragon kernel: lo: Disabled Privacy Extensions
Oct 2 00:09:44 blackdragon smartd[1613]: Device: /dev/sda [SAT], FAILED SMART self-check. BACK UP DATA NOW!
Oct 2 00:09:45 blackdragon smartd[1613]: Device: /dev/sda [SAT], 1 Currently unreadable (pending) sectors
Oct 2 00:39:44 blackdragon smartd[1613]: Device: /dev/sda [SAT], FAILED SMART self-check. BACK UP DATA NOW!
Oct 2 00:39:44 blackdragon smartd[1613]: Device: /dev/sda [SAT], 1 Currently unreadable (pending) sectors
Oct 2 00:42:06 blackdragon abrt[30957]: saved core dump of pid 20695 (/usr/bin/pidgin) to /var/spool/abrt/ccpp-1285994520-20695.new/coredump (126894080 bytes)
Oct 2 00:42:06 blackdragon abrtd: Directory 'ccpp-1285994520-20695' creation detected
Oct 2 00:42:13 blackdragon abrtd: New crash /var/spool/abrt/ccpp-1285994520-20695, processing
Oct 2 00:42:13 blackdragon abrtd: RunApp('/var/spool/abrt/ccpp-1285994520-20695','test x"`cat component`" = x"xorg-x11-server-Xorg" && cp /var/log/Xorg.0.log .')
^C
[root@blackdragon ~]#


I'm aware of the Smart Errors ... but that shouldn't cause any of the problems I am having....


5) Post the uncommented portions of '/etc/hosts.allow' and '/etc/hosts.deny', if any.

hosts.{allow|deny} are default and contain nothing.


6) I know you did this, but please check 'system-config-securitylevel' again to ensure the firewall and SELinux are disabled.

I don't have 'system-config-securitylevel'. I do have 'system-config-firewall-tui' and 'system-config-selinux', both of which are still disabled.

ShanxT
2nd October 2010, 07:42 AM
Ok I'm confused. You can successfully ping from stewie to BlackDragon, so that means you can connect from other computers to BlackDragon, right? Is there a particular program that isn't connecting?

Also, in '/etc/sysconfig/network-scripts/ifcfg-eth0', I think your value for the subnet mask should be:

NETMASK=255.255.255.0
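
A check for the setting questioned in the post above, as an added example that is not part of the original thread: it reads IPADDR, NETMASK, PREFIX and GATEWAY from an ifcfg-style file and reports a host-only (/32) mask, a gateway that falls outside the configured subnet, and a NETMASK/PREFIX pair that disagree. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: sanity-check the addressing fields of an ifcfg-style file.
# Function names and the sample file are constructed for illustration.

ip2int() {            # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

prefix2int() {        # prefix length -> netmask as integer
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

cfg_get() {           # cfg_get KEY FILE -> value of KEY, quotes stripped
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '"'
}

check_mask() {        # check_mask LABEL MASKINT IPINT GWINT
    if [ "$2" -eq "$(prefix2int 32)" ]; then
        echo "HOSTMASK: $1 is a /32, so no other address is on-link"
    fi
    if [ -n "$4" ] && [ $(( $3 & $2 )) -ne $(( $4 & $2 )) ]; then
        echo "OFFLINK: gateway is outside the subnet given by $1"
    fi
}

check_ifcfg() {       # one finding per line; prints nothing if clean
    ip=$(cfg_get IPADDR "$1");    gw=$(cfg_get GATEWAY "$1")
    mask=$(cfg_get NETMASK "$1"); prefix=$(cfg_get PREFIX "$1")
    if [ -z "$ip" ]; then echo "NOIP: no static IPADDR set"; return 0; fi
    ipi=$(ip2int "$ip"); gwi=""; mi=""; pi=""
    if [ -n "$gw" ]; then gwi=$(ip2int "$gw"); fi
    if [ -n "$mask" ]; then mi=$(ip2int "$mask"); check_mask "NETMASK=$mask" "$mi" "$ipi" "$gwi"; fi
    if [ -n "$prefix" ]; then pi=$(prefix2int "$prefix"); check_mask "PREFIX=$prefix" "$pi" "$ipi" "$gwi"; fi
    if [ -n "$mi" ] && [ -n "$pi" ] && [ "$mi" -ne "$pi" ]; then
        echo "MISMATCH: NETMASK=$mask and PREFIX=$prefix disagree"
    fi
    return 0
}

# Constructed sample using the addressing values posted in this thread.
sample=$(mktemp)
printf '%s\n' 'IPADDR=192.168.0.4' 'NETMASK=255.255.255.255' \
    'PREFIX=32' 'GATEWAY=192.168.0.1' > "$sample"
check_ifcfg "$sample"
rm -f "$sample"
```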

ravensorrow
2nd October 2010, 01:40 PM
Yes, I've always had two-way Ping communication. I updated my Netmask to reflect the change from 255.255.255.255 to 255.255.255.0, what do I need to do to restart the interface?

ShanxT
2nd October 2010, 01:44 PM
Run 'service network restart'

ravensorrow
2nd October 2010, 01:50 PM
OK, network restarted. Status Quo.

ravensorrow
13th October 2010, 06:35 PM
I'm still unable to connect to my laptop ....

jpollard
13th October 2010, 06:44 PM
What service are you trying to connect to?

ravensorrow
13th October 2010, 06:47 PM
SSH and Samba

jpollard
13th October 2010, 06:49 PM
So the laptop is going to be a server for Windows?...

In the other case, is sshd running? You should be able to do an nmap
scan from one of the other systems to see if the port is open.

ravensorrow
13th October 2010, 06:57 PM
SSHd is running, I can ping my laptop just fine. I set up Samba just so I can move files to/from my $HOME w/o using an sFTP client and this works just fine for my Gentoo and FreeBSD boxes. But it doesn't seem to want to work in F13.

ravensorrow
18th October 2010, 04:39 AM
Still can't figure out exactly why I cannot connect to my f13 install on my laptop. Iptables is empty, FW is off, SELinux is off, nothing in hosts.deny. It just refuses all incoming connections. SSHd and Samba are running and I can connect to them LOCALLY only.

mndar
18th October 2010, 05:21 AM
You should be able to do an nmap scan from one of the other systems to see if the port is open.

As jpollard suggested, did nmap show any open ports? The command to scan for open ports is nmap -sT 192.168.0.4
You could try telnet 192.168.0.4 22 for sshd and telnet 192.168.0.4 139 for samba from the Gentoo and FreeBSD boxes to check if at least a TCP connection is being established.


it just refuses all incoming connections. SSHd and Samba are running and I can connect to them LOCALLY only.
Can you post the command you use and the error message you receive when trying to connect to the F13 box from the Gentoo/FreeBSD boxes?


Ziggy: Bi-directional communication (192.168.0.3/FreeBSD 7.3)
Stewie: Bi-directional communication (192.168.0.3/Gentoo)
Both having IP 192.168.0.3. That's a typo, right?

ravensorrow
18th October 2010, 11:17 PM
As jpollard suggested, did nmap show any open ports? The command to scan for open ports is nmap -sT 192.168.0.4
You could try telnet 192.168.0.4 22 for sshd and telnet 192.168.0.4 139 for samba from the Gentoo and FreeBSD boxes to check if at least a TCP connection is being established.


Can you post the command you use and the error message you receive when trying to connect to the F13 box from the Gentoo/FreeBSD boxes?


Both having IP 192.168.0.3. That's a typo, right?

1. Nmap from both machines says all 1000 ports are filtered (how? iptables is empty)
2. telnetting to ports 22 and 139 on 192.168.0.4 times out
3. when I ssh to or try and mount a SMB fs on 192.168.0.4 it times out.

mndar
19th October 2010, 02:28 AM
. Iptables is empty, FW is off, SELinux is off, nothing in hosts.deny.
Just to make sure, run service iptables stop

ravensorrow
19th October 2010, 05:34 AM
iptables is off, still unable to connect by any means. It's like something is still running and is just forcing everything to /dev/null. When I stopped iptables, I verified sshd/samba were running and they are.

---------- Post added at 12:34 AM GMT ---------- Previous post was at 12:32 AM GMT ----------

Switched to my laptop to post a *LOCAL* nmap



[root@blackdragon ~]# nmap -sT 192.168.0.4

Starting Nmap 5.21 ( http://nmap.org ) at 2010-10-19 00:32 EDT
Nmap scan report for blackdragon.xaerolimit.net (192.168.0.4)
Host is up (0.00063s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
901/tcp open samba-swat
5900/tcp open vnc
9876/tcp open sd

Nmap done: 1 IP address (1 host up) scanned in 0.26 seconds
[root@blackdragon ~]#

mndar
19th October 2010, 11:15 AM
Any chance you can try connecting this box to another using a crossover cable instead of going through a switch and then test?
I know it seems elementary but since none of the usual troubleshooting techniques have worked it might be helpful to try very basic things.

ravensorrow
19th October 2010, 02:14 PM
I would love to, my cat chewed through my last crossover cable :( Don't have the money to buy a new one (or make one)

jpollard
19th October 2010, 02:17 PM
Try using a normal cable... Most of the new interfaces will recognize the
error, and switch configuration automatically.

Doesn't always work as it depends on both interfaces not switching at the
same time.

But sometimes.

Oh - if you still have the chewed through cable you can fix that one, if the
cat didn't chew off just the connector - just expose a couple of inches of
the cable (outer covering), then strip 1 inch from each wire (I find that my
fingernails are usually up to stripping without damaging the rather fine wire
inside) and twist matching colors together. Cover with an insulating tape
(scotch tape will work in a pinch). The result will work for a good long time.
If you need some structural integrity, I straightened out a paperclip and then
taped over the whole thing.

ravensorrow
19th October 2010, 04:44 PM
Same thing, everything times out (except a ping)

mndar
19th October 2010, 07:47 PM
Interesting....
Few things to try...
1. Set the interface to DHCP so that the IP, netmask etc. is setup automatically. You have a router, right?

2. Which laptop is this? I ask this to know which Lan card and driver are being used. lspci will list the PCI hardware.

3. To verify if this is a configuration issue, try using a live CD of Fedora and/or some other distro. Check if you face the same issues there. If you can setup ssh or samba, fine else you can test with just netcat.
Do nc -l -p 5000 on this laptop.
From your other box, telnet <laptop-ip> 5000. Actually you should try this netcat thing on the present config too.
Check if the connection gets established. Whatever you type on one machine should transfer to the other.

4. If none of these things help, I guess it will be quicker to install another instance of F13 on another partition, see if things work there and then try to figure out what's wrong in this instance.

ravensorrow
20th October 2010, 04:48 PM
Interesting....
Few things to try...
1. Set the interface to DHCP so that the IP, netmask etc. is setup automatically. You have a router, right?

2. Which laptop is this? I ask this to know which Lan card and driver are being used. lspci will list the PCI hardware.

3. To verify if this is a configuration issue, try using a live CD of Fedora and/or some other distro. Check if you face the same issues there. If you can setup ssh or samba, fine else you can test with just netcat.
Do nc -l -p 5000 on this laptop.
From your other box, telnet <laptop-ip> 5000. Actually you should try this netcat thing on the present config too.
Check if the connection gets established. Whatever you type on one machine should transfer to the other.

4. If none of these things help, I guess it will be quicker to install another instance of F13 on another partition, see if things work there and then try to figure out what's wrong in this instance.

I do have a router, but DHCP doesn't work (hasn't for a long time lol)
HP Pavilion dv2000 (refurb), the NIC is 'nVidia Corporation MCP67 Ethernet (rev a2)'
nc -l 5000 on my laptop (man page says not to use -p in conjunction w/ -l), telnet <laptop-ip> 5000 times out (from both Gentoo and FreeBSD boxes)
I tossed in a Gentoo LiveCD (always have one of these handy lol), set up networking (back to .4) and started sshd. From both Gentoo/FreeBSD I was able to ssh right into my laptop.

mndar
20th October 2010, 10:00 PM
Apart from setting up a DHCP server on your Gentoo/FreeBSD box to test, or maybe trying to disable Network Manager, I think I'm out of suggestions for now.
I really hope you figure out the reason behind this weird behavior.

ravensorrow
20th October 2010, 10:04 PM
My solution may be to either a) wait for f14 to go STABLE or b) install another OS (either Gentoo again or FreeBSD8 this time)