Newbiesh Question about Enabling Connections
gte619n
2008-07-09, 04:04 PM CDT
Hey guys,
I've just got done building a pair of servers for our web application. The first one went off without a hitch but the second is giving me some serious trouble with the networking component.
Basically, whenever I try to connect to the machine, I get a Connection Refused. I can ping the machine successfully, but not SSH or access the Tomcat instance (running on 8080) on the machine.
It could be a firewall issue, but I've tried to connect even with the firewall completely disabled and that did not help.
I'm positive that the SSHd is running and that the Tomcat server is running, as I can ssh to 0.0.0.0 and I can http://localhost with success from the server. Also, I can access the internet successfully from the server, so it seems to be getting out alright.
What else do I need to be checking? I feel like I'm missing something simple, but just can't seem to get it sorted!
Thanks for any help and suggestions!
Evan
Nokia
2008-07-09, 05:24 PM CDT
Try ssh -v IP to see what's wrong and keep in mind that SSH is a bi-directional protocol (Permit Tcp 22 in and out)
gte619n
2008-07-10, 06:44 AM CDT
Hey Nokia,
Thanks for the tip, I didn't know about a debug mode! Anyways, doing that never gets past the "Connecting to 192.168.1.50 [192.168.1.50] on Port 22".
The netstat -ant has the following entries:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:47358 0.0.0.0:* LISTEN
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN
tcp 0 0 :::8101 :::* LISTEN
tcp 0 0 :::8009 :::* LISTEN
tcp 0 0 :::5001 :::* LISTEN
tcp 0 0 :::8080 :::* LISTEN
tcp 0 0 :::37589 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
Also, I can SSH from the busted server to another machine, so I'm not exactly sure what is happening. It seems like the entire adapter is just locked down to incoming connections?
Thanks for your help!
Evan
Nokia
2008-07-10, 02:06 PM CDT
What's the network topology? Is there any router/port forwarding involved? Please be "very verbose" :) when you ask for help in a forum. Everyone can guess but most of those who "could" help you would refrain due to lack of information. Right now, instead of thinking/evaluating your problem, I'm losing time talking besides the subject.
Please consider your questions in the future more carefully. Your chances of receiving the right answer quickly depend on your attitude when describing a given situation.
Thank you. :)
Again, referring to your situation, blocking an incoming TCP 22 connection points to the local firewall, since it's pretty obvious from what you posted above that sshd is up and running.
Also, you might wanna check for running apps like fail2ban and denyhosts. ;)
gte619n
2008-07-10, 03:34 PM CDT
Sorry for the brief explanations, but I figured I was just missing some sort of "oh duh" thing. On the topology/network stuff, there really isn't much to tell. It's just three boxes (fedora server in question, another linux box and a WinXP machine) plugged into a vanilla Linksys router. There aren't any active ports being forwarded or anything like that.
How would I check the local firewall on the machine to really see what's going on? I've been using the IDE version "Firewall" in the standard release. I have both 8080 and 22 set to open, but I'd just like to confirm that is the case. I've tried disabling the firewall in the IDE, but that didn't have any effect.
What is fail2ban and denyhosts? How would I check to see if they are running?
Thanks again for your help!
E
Nokia
2008-07-10, 04:03 PM CDT
Post here
rpm -qa fail2ban
rpm -qa denyhosts
Then, on both linux boxes
su -
system-config-firewall-tui
disable the firewall, save and exit
In the end, post
ssh -2v IP Box 1
ssh -v2 Ip Box 2
Don't forget to re-enable the firewall after your tests ;)
gte619n
2008-07-10, 05:06 PM CDT
Hey Nokia,
The first two commands (executed on the server) did not return any values. After disabling the firewall on both boxes, I was still unable to get ssh -v2 (or 2v) to report anything. It simply stays put on the "Connecting to 192.168.1.50 [192.168.1.50]" and then sits there.
What else could it be?
Thanks again for all your help!
marcrblevins
2008-07-10, 08:24 PM CDT
Can you show on both servers:
su -
iptables --list
ifconfig
gte619n
2008-07-10, 08:35 PM CDT
Hey Marc,
Here's what I get with those commands:
iptables:
Chain INPUT (Policy ACCEPT)
target prot opt source destination
Chain FORWARD (Policy ACCEPT)
target prot opt source destination
Chain OUTPUT (Policy ACCEPT)
target prot opt source destination
ifconfig:
eth0 Link encap:Ethernet HWaddr 00:1D:09:FB:B8:4A
inet addr:192.168.1.50 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21d:9ff:fefb:b84a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:36057 errors:0 dropped:0 overruns:0 frame:0
TX packets:24570 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:36401911 (34.7 MiB) TX bytes:3236567 (3.0 MiB)
Interrupt:16
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1582 errors:0 dropped:0 overruns:0 frame:0
TX packets:1582 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:85025 (83.0 KiB) TX bytes:85025 (83.0 KiB)
I don't have a lot of experience with iptables but that response looks pretty blank to me. Where should I go from here?
Thanks again everyone for all your help.
E
marcrblevins
2008-07-10, 09:03 PM CDT
Make sure both servers are not using the same IP address.
Your iptables looks short.
Run:
su -
system-config-firewall
Turn on any services you plan to use, ssh, httpd, etc. Save it and exit.
Nokia
2008-07-10, 11:51 PM CDT
@marcrblevins
He should have a functional service first. Security should be his next/second concern, in this case. Otherwise we'll never know what to troubleshoot first - server, firewall, any other security service like fail2ban, network or port forwarding.
@gte619n
Evan, as I said earlier, with the firewall disabled on both linux boxes, do the following:
1. Post ifconfig for both stations and Windows network settings
2. On Windows, get putty and try to ssh to each linux box
marcrblevins
2008-07-11, 02:49 AM CDT
Dear Nokia,
You must realize the ssh service is running, otherwise the OP wouldn't be able to display:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:47358 0.0.0.0:* LISTEN
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN
tcp 0 0 :::8101 :::* LISTEN
tcp 0 0 :::8009 :::* LISTEN
tcp 0 0 :::5001 :::* LISTEN
tcp 0 0 :::8080 :::* LISTEN
tcp 0 0 :::37589 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
Try to 'service sshd stop' and run 'netstat -ant', you would see NO :22 anywhere.
Good night.
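The listener check argued over in the posts above, as an added example that is not part of any poster's message: it classifies how a port is bound, using listener lines copied from the netstat output in the thread. The function names `sample_netstat` and `bind_scope` are made up for this example.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `netstat -ant` output.

# Listener lines copied from the netstat output posted in the thread.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN
tcp 0 0 :::8080 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
EOF
}

# bind_scope PORT  (netstat -ant output on stdin)
# Prints: all-interfaces | specific-address | loopback-only | not-listening
bind_scope() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            addr = $4
            n = match(addr, /:[0-9]+$/)      # the port follows the last colon
            if (!n || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            if (host == "0.0.0.0" || host == "::") wild = 1
            else if (host ~ /^(::ffff:)?127\./ || host == "::1") loop = 1
            else other = 1
        }
        END {
            if (wild) print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Ports 22 and 8080 are bound to every interface, so the bind address
# does not explain a refused connection from another LAN host.
for p in 22 8080 631 8005 80; do
    printf '%s\t%s\n' "$p" "$(sample_netstat | bind_scope "$p")"
done
```

A `loopback-only` result for a service meant to be remote would have been a real cause of "Connection refused"; here both services are bound to all interfaces.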
Nokia
2008-07-11, 03:10 AM CDT
You missed my point... :)
gte619n
2008-07-11, 05:33 AM CDT
AHHHHHHHHHHHHHHHHHHHHHH!!
So, I checked all the ifconfigs for both machines. They're each running separate ips. I checked the ipconfig of all the Windows boxes I've got, all on separate ips. So, going around the house, I spot a curious laptop sitting in the corner, running, plugged in...
Open it up, ipconfig, and SURE ENOUGH, it's on 192.168.1.50!! It seems my roommate (who is in China for the next two weeks) likes .50. After changing him over to .40, everything works as expected.
Thanks a ton for all your help and I'm sorry to have wasted your time on such a simple problem. I really appreciate all the advice and assistance.
Another quick question, what is su - ? I see it makes the shell a "login shell," but what is that exactly?
Thanks!
Evan
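The duplicate-address cause found in the post above can be confirmed from any other LAN host by looking at which MAC addresses answer ARP for the IP. The following is an added example, not part of the thread: it parses iputils `arping` reply lines, and the sample output, the second MAC, the 192.168.1.10 source address and the function names are constructed for illustration (only the server's eth0 MAC comes from the posted ifconfig).

```shell
#!/bin/sh
# Added example: find a second machine answering ARP for an IP you believe is yours.
# Live input would come from iputils arping, run on a third LAN host, e.g.:
#   arping -c 3 -I eth0 192.168.1.50
# (run on the server itself, `arping -D` probes for any other owner of the address).

# Constructed sample of arping output; the second MAC is made up for the example.
sample_arping_output() {
    cat <<'EOF'
ARPING 192.168.1.50 from 192.168.1.10 eth0
Unicast reply from 192.168.1.50 [00:1D:09:FB:B8:4A]  0.652ms
Unicast reply from 192.168.1.50 [02:00:00:AA:BB:CC]  0.911ms
Unicast reply from 192.168.1.50 [00:1D:09:FB:B8:4A]  0.640ms
Unicast reply from 192.168.1.50 [02:00:00:AA:BB:CC]  0.873ms
Sent 2 probes (1 broadcast(s))
Received 4 response(s)
EOF
}

# unexpected_responders IP EXPECTED_MAC  (arping output on stdin)
# Prints each distinct MAC that answered for IP and is not EXPECTED_MAC.
unexpected_responders() {
    awk -v ip="$1" -v want="$2" '
        BEGIN { want = toupper(want) }
        $2 == "reply" && $3 == "from" && $4 == ip && $5 ~ /^\[.*\]$/ {
            mac = toupper(substr($5, 2, length($5) - 2))
            if (mac != want && !(mac in seen)) { seen[mac] = 1; print mac }
        }'
}

# ip_conflict IP EXPECTED_MAC: exit status 0 when some other MAC claims IP.
ip_conflict() {
    [ -n "$(unexpected_responders "$1" "$2")" ]
}

if sample_arping_output | ip_conflict 192.168.1.50 00:1D:09:FB:B8:4A; then
    echo "192.168.1.50 is also claimed by:"
    sample_arping_output | unexpected_responders 192.168.1.50 00:1D:09:FB:B8:4A
fi
```

A second responder also fits the symptoms in the thread: ping succeeds because some host answers, while SSH and port 8080 are refused when that host runs neither service.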
Nokia
2008-07-11, 05:35 AM CDT
See man su ;)
gte619n
2008-07-11, 05:37 AM CDT
Hey Nokia,
The man says "makes the shell a login shell", but what is a login shell exactly, and how does that differ from a regular shell?
hyperspace
2008-07-11, 06:52 AM CDT
There are many ways of finding out "what is" on the Web. Google, man! :)
marcrblevins
2008-07-11, 09:55 AM CDT
"Thanks a ton for all your help and I'm sorry to have wasted your time on such a simple problem. I really appreciate all the advice and assistance."
No apology needed.
Didn't waste time here, you Live & Learn.