Re: [leaf-user] RE: OpenSSH and Bering
Hi,

I have OpenSSH working on Bering. I used the hint about commenting out exit 0. Thanks to the persons who gave me the hints.

Some things I had to do also:

1. Make the following directory: /var/run/sshd
2. Uncomment PermitRootLogin Yes in the file /etc/ssh/sshd.config

Later.

Manfred Schuler [EMAIL PROTECTED] wrote:

[EMAIL PROTECTED] wrote:

Hi, thanks for the quick replies. Sorry for the shortcomings of my Bering firewall information. Now I will give you more info.

1. You should confirm that sshd is running on the Bering firewall.

YES, lrpkg -l shows that LIBZ and SSHD are running. With ps I don't see anything about SSHD.

2. Are you trying to connect to the router from the LAN side or the external side? Are you certain you are using the right IP address in either case? If the connection is external, is it possible that your ISP interferes with traffic to port 22 (ssh)?

I only want to work from local to firewall.

3. Just in case ... the default in putty is a telnet connection. You are changing that to ssh, right?

YES.

4. The standard policy and rules of the Bering firewall is not really all that well-defined; there is a lot of customizing you can, and sometimes need to, do to make Shorewall work with standard Bering settings. You might find it worthwhile to review the output of /sbin/shorewall status ... or to post it here if you need help interpreting it.

    HOSTS.ALLOW
    ALL: 192.168.1.0/255.255.255.0

    HOSTS.DENY
    ALL: PARANOID
    ALL: ALL

    ZONES:
    net   net    internet
    adsl  adsl   alcatel modem
    loc   local  local networks

    Ifaces
    net   ppp0  -              routefilter,norfc1918
    adsl  eth0  10.0.0.255     routefilter
    loc   eth1  192.168.1.255  routestopped

    policy
    loc  loc   ACCEPT
    loc  net   ACCEPT
    loc  fw    ACCEPT
    fw   adsl  ACCEPT
    net  all   DROP    ULOG
    all  all   REJECT  ULOG

    rules
    ACCEPT loc fw tcp 22

5. Is your Windows host set up properly in general, with respect to its IP address, routing table, and gateway address? One test: can you ping the Bering firewall (do it from a DOS prompt if you don't have a GUI ping app installed)? If not, how does a ping attempt fail?

Pinging no problem. Watching Bering via Browser no problem and internetting no problem.

Twisterf5S wrote:

Hi, I am trying to get the following situation to work: Windows PC with Putty connecting to Bering Firewall. When I make the connection via Putty I get the following reply:

* Network error. Connection Refused.

I have read the online Bering OpenSSH documentation. I have the Bering 1.1 firewall. I have the standard policy and rules of the Bering firewall. I don't understand what I'm doing wrong. Any comments.

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

IIRC sshd is not enabled in inetd.conf and the file /etc/init.d/sshd contains these lines:

    #Comment out and edit /etc/inetd.conf to run as a stand alone server
    echo Secure Shell server via inetd: sshd
    exit 0

So sshd is not started.

You have to decide whether you start sshd by inetd or by initscript. When started by inetd, connecting to LEAF takes more time, because the session key must be generated by sshd before connecting. Starting by initscript consumes some memory, because sshd is always running, even when you are not logged in.

So you have either to uncomment the sshd line in /etc/inetd.conf and backup etc, or comment out the exit 0 line in /etc/init.d/sshd and backup ssh.

Manfred

--
Manfred Schuler
E_Mail: mailto:[EMAIL PROTECTED]
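The choice Manfred describes (sshd started by inetd or by the init script) can be checked mechanically. The script below is an added example, not part of the original thread or of the LEAF project; its function names are hypothetical, and the sample inetd.conf line and the init script's case statement are constructed.

```shell
# Added example: which way would sshd be started on a Bering-style box?
# Function names are hypothetical; file paths are passed in as arguments.

# True if inetd.conf has an uncommented line whose service field is "ssh".
inetd_ssh_enabled() {
    while read -r service _rest; do
        [ "$service" = ssh ] && return 0
    done < "$1"
    return 1
}

# True if the init script hits a bare "exit 0" before its start/stop logic.
# Assumption: that logic begins at the first "case" statement.
initscript_short_circuited() {
    while read -r first rest; do        # read strips leading whitespace
        case "$first" in
            \#*|'') continue ;;                     # comment or blank line
            "case") return 1 ;;                     # reached start/stop logic
            "exit") [ "$rest" = 0 ] && return 0 ;;  # early exit: no daemon
        esac
    done < "$1"
    return 1
}

# usage: sshd_start_mode INETD_CONF INIT_SCRIPT
sshd_start_mode() {
    via_inetd=no; standalone=no
    inetd_ssh_enabled "$1" && via_inetd=yes
    initscript_short_circuited "$2" || standalone=yes
    case "$via_inetd/$standalone" in
        yes/no)  echo inetd ;;       # sshd spawned per connection
        no/yes)  echo standalone ;;  # sshd always resident
        no/no)   echo none ;;        # nothing listens on port 22
        yes/yes) echo conflict ;;    # inetd and sshd both want port 22
    esac
}

# Constructed sample files modelled on the lines quoted in the thread.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '#ssh\tstream\ttcp\tnowait\troot\t/usr/sbin/sshd\tsshd -i\n' > "$demo_dir/inetd.conf"
cat > "$demo_dir/sshd.init" <<'EOF'
#Comment out and edit /etc/inetd.conf to run as a stand alone server
echo Secure Shell server via inetd: sshd
exit 0
case "$1" in start) /usr/sbin/sshd ;; esac
EOF
echo "as shipped: $(sshd_start_mode "$demo_dir/inetd.conf" "$demo_dir/sshd.init")"
```

A result of `none` is consistent with the "Connection Refused" symptom in this thread: the package is installed, but no process is listening on port 22.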
[leaf-user] RE: OpenSSH and Bering
Hi, thanks for the quick replies. Sorry for the shortcomings of my Bering firewall information. Now I will give you more info.

1. You should confirm that sshd is running on the Bering firewall.

YES, lrpkg -l shows that LIBZ and SSHD are running. With ps I don't see anything about SSHD.

2. Are you trying to connect to the router from the LAN side or the external side? Are you certain you are using the right IP address in either case? If the connection is external, is it possible that your ISP interferes with traffic to port 22 (ssh)?

I only want to work from local to firewall.

3. Just in case ... the default in putty is a telnet connection. You are changing that to ssh, right?

YES.

4. The standard policy and rules of the Bering firewall is not really all that well-defined; there is a lot of customizing you can, and sometimes need to, do to make Shorewall work with standard Bering settings. You might find it worthwhile to review the output of /sbin/shorewall status ... or to post it here if you need help interpreting it.

    HOSTS.ALLOW
    ALL: 192.168.1.0/255.255.255.0

    HOSTS.DENY
    ALL: PARANOID
    ALL: ALL

    ZONES:
    net   net    internet
    adsl  adsl   alcatel modem
    loc   local  local networks

    Ifaces
    net   ppp0  -              routefilter,norfc1918
    adsl  eth0  10.0.0.255     routefilter
    loc   eth1  192.168.1.255  routestopped

    policy
    loc  loc   ACCEPT
    loc  net   ACCEPT
    loc  fw    ACCEPT
    fw   adsl  ACCEPT
    net  all   DROP    ULOG
    all  all   REJECT  ULOG

    rules
    ACCEPT loc fw tcp 22

5. Is your Windows host set up properly in general, with respect to its IP address, routing table, and gateway address? One test: can you ping the Bering firewall (do it from a DOS prompt if you don't have a GUI ping app installed)? If not, how does a ping attempt fail?

Pinging no problem. Watching Bering via Browser no problem and internetting no problem.

Twisterf5S wrote:

Hi, I am trying to get the following situation to work: Windows PC with Putty connecting to Bering Firewall. When I make the connection via Putty I get the following reply:

* Network error. Connection Refused.

I have read the online Bering OpenSSH documentation. I have the Bering 1.1 firewall. I have the standard policy and rules of the Bering firewall. I don't understand what I'm doing wrong. Any comments.
[leaf-user] OpenSSH and Bering
Hi, I am trying to get the following situation to work: Windows PC with Putty connecting to Bering Firewall. When I make the connection via Putty I get the following reply:

* Network error. Connection Refused.

I have read the online Bering OpenSSH documentation. I have the Bering 1.1 firewall. I have the standard policy and rules of the Bering firewall. I don't understand what I'm doing wrong. Any comments.
[leaf-user] Masqueraded Connections
Hello,

Looking at my firewall via the web browser I have the following situation within the current connections:

    Masqueraded Connections::
    udp src=192.168.1.44 1276 dst=194.109.6.65 123 --90 sec.
    unknown src=599 dst=10.0.0.138 dst=src=10.0.0.2 src=10.0.0.138 --47 sec. use=1
    tcp src=192.168.1.44 2010 dst=65.197.157.202 80 --74882 sec. ESTABLISHED
    tcp src=192.168.1.97 1116 dst=208.254.63.58 80 --60133 sec. ESTABLISHED

I understand the connection to the dns server and the connection between firewall and adsl modem, but I don't understand the other two connections. Those ip-numbers seem to have a connection for a very, very long time.

My question: is this normal behaviour or is there something wrong?

Rob.