Re: [OT?] Cannot ssh from Debian Lenny to Ubuntu 9.04
Peter Carlsson wrote:
Stefan Alfredsson wrote:
Hi!
Apologies for a long mail...
Now I have tested most of your tips. See the results and
follow-up questions below.
[snip of long mail]
Have now been in contact with support at Bredbandsbolaget, who replied:
"Port 22 is not blocked on the mobile broadband. It does not go through
any firewall. However, it may be your own firewall that is blocking,
if you have one installed."
I'm starting to wonder whether sshd might be listening on the wrong
interface, if that is possible?
Does one need to do something for sshd to also listen for incoming
connections on ppp0?
I have set ufw to deny everything except ssh. I have also tried
allowing everything.
# sudo ufw status
Status: aktiv
Till    Åtgärd  Från
----    ------  ----
22      ALLOW   Anywhere
Looking at iptables, it contains vastly more.
# sudo iptables -nvL
Chain INPUT (policy DROP 2 packets, 128 bytes)
pkts bytes target     prot opt in     out     source               destination
1595 1272K ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
1595 1272K ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  42  2856 ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  42  2856 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  42  2856 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
   0     0 ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
1583  187K ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
1583  187K ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  21  3453 ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  21  3453 ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  21  3453 ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain ufw-after-forward (1 references)
pkts bytes target     prot opt in     out     source               destination
Chain ufw-after-input (1 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:137
   0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:138
   0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139
   0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445
   0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:67
   0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:68
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4 prefix `[UFW BLOCK] '
Chain ufw-after-logging-input (1 references)
pkts bytes target     prot opt in     out     source               destination
   2   128 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4 prefix `[UFW BLOCK] '
Chain ufw-after-logging-output (1 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4 prefix `[UFW ALLOW] '
Chain ufw-after-output (1 references)
pkts bytes target     prot opt in     out     source               destination
Chain ufw-before-forward (1 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 ufw-user-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain ufw-before-input (1 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   6   312 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
   0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68
   2   128 ufw-not-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 ACCEPT     all  --  *      *       224.0.0.0/4          0.0.0.0/0
   0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.0/4
   2   128 ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain ufw-before-logging-forward (1 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW AUDIT] '
Chain ufw-before-logging-input (1 references)
pkts bytes target     prot opt in     out     source               destination
   8   440 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW AUDIT] '
Chain ufw-before-logging-output (1 references)
pkts bytes target     prot opt in     out     source               destination
   5   308 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW AUDIT] '
Chain ufw-before-output (1 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
   5   308 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
   0     0 ufw-user-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain ufw-logging-allow (0 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4 prefix `[UFW ALLOW] '
Chain ufw-logging-deny (2 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4 prefix `[UFW BLOCK] '
Chain ufw-not-local (1 references)
pkts bytes target     prot opt in     out     source               destination
   2   128 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type LOCAL
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type MULTICAST
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type BROADCAST
   0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10
   0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain ufw-reject-forward (1 references)
pkts bytes target     prot opt in     out     source               destination
Chain ufw-reject-input (1 references)
pkts bytes target     prot opt in     out     source               destination
Chain ufw-reject-output (1 references)
pkts bytes target     prot opt in     out     source               destination
Chain ufw-user-forward (1 references)
pkts bytes target     prot opt in     out     source               destination
Chain ufw-user-input (1 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:22
Chain ufw-user-limit (0 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 0 level 4 prefix `[UFW LIMIT BLOCK] '
   0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain ufw-user-logging-forward (0 references)
pkts bytes target     prot opt in     out     source               destination
Chain ufw-user-logging-input (0 references)
pkts bytes target     prot opt in     out     source               destination
Chain ufw-user-logging-output (0 references)
pkts bytes target     prot opt in     out     source               destination
Chain ufw-user-output (1 references)
pkts bytes target     prot opt in     out     source               destination
Checking with netstat gives:
# netstat -tnl
Aktiva internetanslutningar (endast servrar)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
/Peter
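
Added example, not part of Peter's message: a small shell check that reads two facts from output like the above, namely whether port 22 is bound on all interfaces and how many packets the ufw accept rule for it has counted. The sample text is an excerpt of the message's own output with wrapped lines re-joined, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample text is an excerpt of the output in the message
# above with wrapped lines re-joined; function names are hypothetical.
NETSTAT_SAMPLE='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'

IPTABLES_SAMPLE='Chain ufw-before-input (1 references)
   6   312 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   2   128 ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain ufw-user-input (1 references)
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:22'

# listen_scope PORT: classify how PORT is bound, from `netstat -tnl` text
# on stdin. Prints "all-interfaces", "specific:<addr,...>" or
# "not-listening". 0.0.0.0 and :: are the wildcard addresses.
listen_scope() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            n = split($4, part, ":"); if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::") wild = 1
            else list = list (list ? "," : "") addr
        }
        END {
            if (wild) print "all-interfaces"
            else if (list) print "specific:" list
            else print "not-listening"
        }'
}

# rule_hits CHAIN MATCH: pkts counter of the first rule in CHAIN whose line
# contains MATCH, from `iptables -nvL` text on stdin (one rule per line,
# i.e. not wrapped by a mail client). Prints nothing if no rule matches.
rule_hits() {
    awk -v chain="$1" -v match_str="$2" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && index($0, match_str) { print $1; exit }'
}

# diagnose PORT: combine both readings for the embedded samples.
diagnose() {
    scope=$(printf '%s\n' "$NETSTAT_SAMPLE" | listen_scope "$1")
    hits=$(printf '%s\n' "$IPTABLES_SAMPLE" | rule_hits ufw-user-input "tcp dpt:$1")
    echo "port $1: listen=$scope accept_rule_pkts=${hits:-none}"
}

diagnose 22
```

A listener on 0.0.0.0 or :: accepts connections on every interface, ppp0 included. A packet counter of 0 on the tcp dpt:22 rule means that rule has matched no packets since the rules were loaded or the counters were last zeroed.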