
Re: SSH port 22 is invisible from the internet!! :(



csanyipal:
> 
> I use iptables as a firewall and have added a rule to open the port 22:

That probably means you are blocking any traffic not explicitly allowed,
correct? Maybe it would help to show us your complete iptables script.

And you are connected directly to the internet, right? No NAT?

> $ sudo iptables -L 
> ...
> target     prot opt source               destination         
> ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED 
            ^^^
This looks suspicious to me. On my NAT box (running OpenWrt) it says
"all" instead of "0". But that isn't necessarily the source of your
error, since you say www and smtp work fine.

> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
> ...

Otherwise, it looks good.

> I use a website 
> http://wigwam.sztaki.hu:8080/varazslatok/tuzfalteszt.php
> to see whether my port 22 is visible, and the test says that the
> port 22 is invisible.

I can only see a tux logo on that page.

> The remote user can't log in with ssh to my system either.
> My system has a FQDN csanyi-pal.info and a public IP: 85.222.164.132

I can confirm that your port 22 is not reachable. It appears that some
system (not necessarily yours) is dropping packets, since I only get a
timeout, not a REJECT message:

| $ nmap 85.222.164.132 -p 22
| Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-04-09 15:47 CEST
| Interesting ports on ipv132.sksyu.net (85.222.164.132):
| PORT   STATE    SERVICE
| 22/tcp filtered ssh

To debug it a little bit more, you could use tcpdump to see whether you
can see packets coming in on port 22/tcp at all (tcpdump -i $dev "port
22"). If you do, you have a problem with outgoing packets, which would
explain the timeouts.

If you suspect SSH is being blocked by a system not under your control,
you could try to have sshd listen on a port other than 22 (443 comes to
mind). Maybe your ISP/hosting provider blocks 22.

J.
-- 
Tony Blair is a hypnotised self-seeking scarecrow just like all the
rest.
[Agree]   [Disagree]
                 <http://www.slowlydownward.com/NODATA/data_enter2.html>
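The distinction J. draws from the nmap output above (a timeout means packets are being dropped somewhere, whereas a REJECT or a closed port answers immediately) can be reproduced with a plain TCP connect. This is an added example, not code from the thread; host, port and timeout are parameters, and the self-check only talks to 127.0.0.1.

```python
import errno
import socket


def classify_connect_error(err: int) -> str:
    """Map a connect() errno to the nmap-style port state."""
    # RST from the host, or ICMP port-unreachable from a plain REJECT rule
    if err == errno.ECONNREFUSED:
        return "closed"
    # other ICMP unreachable replies (host/net unreachable); nmap calls these filtered
    if err in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "filtered"
    return "error:" + errno.errorcode.get(err, str(err))


def probe_tcp_port(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'open', 'closed' or 'filtered' for host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except socket.timeout:
            # Neither SYN-ACK nor RST arrived: something on the path (an
            # iptables DROP, or an upstream filter) is silently dropping packets.
            return "filtered"
        except OSError as e:
            return classify_connect_error(e.errno)
        return "open"


def demo_against_localhost() -> dict:
    """Self-check: probe a port we listen on, then the same port once closed."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        while_listening = probe_tcp_port("127.0.0.1", port, timeout=1.0)
    after_close = probe_tcp_port("127.0.0.1", port, timeout=1.0)
    return {"listening": while_listening, "closed": after_close}


if __name__ == "__main__":
    import sys
    # usage: python probe.py HOST [PORT]  (defaults to the ssh port)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    tport = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(target, tport, probe_tcp_port(target, tport))
```

A "filtered" result against your own public IP while tcpdump on the server shows no incoming SYNs points at a drop upstream of you, which is the case J. suspects in the last paragraph.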
