On 8/11/2012 11:59 PM, Paul Allen Newell wrote:
Hello:
Up until recently, I have been able to scp/ssh from my F16 box to my
WinXP under cygwin without problem. Today, it appears that isn't the
case.
Last "yum update" was 29jul12. Cygwin hasn't changed in months (once I
have something that works I am loathe to update as I don't really get
it well enough to ride a more bleeding edge)
I can ping both ways but can only scp/ssh from cygwin to F16 (though I
don't use it, I tested telnet and got the same results). I swapped in
my "log all problems" version of iptables on the F16 box and can see
that it is logging errors and I see the following:
+++
Aug 11 23:43:43 yoyo kernel: [ 779.725071] <IPTABLES: LOG REJECT>
IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:8c:c3:21:d6:08:00
SRC=192.168.2.14 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128
ID=33554 PROTO=UDP SPT=138 DPT=138 LEN=209
Aug 11 23:43:48 yoyo kernel: [ 785.386501] <IPTABLES: LOG REJECT>
IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:8c:c3:21:d6:08:00
SRC=192.168.2.14 DST=192.168.2.255 LEN=234 TOS=0x00 PREC=0x00 TTL=128
ID=33555 PROTO=UDP SPT=138 DPT=138 LEN=214
+++
I did a google but this information is pretty much Greek to me so I
didn't find anything because I didn't understand how to find something
My big question is "any suggestions?" There is a second minor issue
about is there a way to force iptables to immediately flush a message
to the log file as I had to wait about 10 minutes to get something.
Thank in advance,
Paul
Of course, after sending this I realized that it might be helpful if I
sent a copy of my iptables, sorry for not having that thought before I
sent the initial email (groan)
+++
[root@yoyo ~]# more /etc/sysconfig/iptables
# Generated by iptables-save v1.4.12 on Sat Aug 11 23:29:10 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 192.168.2.0/24 -p udp -m state --state NEW -m udp --
dport 631
-A INPUT -s 127.0.0.1/32 -d 192.168.2.0/24 -p tcp -m state --state NEW -m tcp --
dport 631
-A INPUT -j LOG --log-prefix "<IPTABLES: LOG REJECT> "
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Aug 11 23:29:10 2012
[root@yoyo ~]#
+++
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
