From owner-freebsd-security@FreeBSD.ORG Fri Dec 29 13:47:55 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0769416A412 for ; Fri, 29 Dec 2006 13:47:55 +0000 (UTC) (envelope-from kkourkounis@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.191]) by mx1.freebsd.org (Postfix) with ESMTP id 9850813C459 for ; Fri, 29 Dec 2006 13:47:54 +0000 (UTC) (envelope-from kkourkounis@gmail.com) Received: by nf-out-0910.google.com with SMTP id x37so5499354nfc for ; Fri, 29 Dec 2006 05:47:53 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=cFPYu8oRmnoLiNfypGcCrXzGqnNmac3DheeMQ5VZBOyVCy0EJG3pxbRVnMUIilrVRVJLCJyaFqPNmBq6MNUYr/cEZnfyHzhX88p1qMpYHEnoGzyGmcwXEAjhHHHYQ43gkSI96LPKni8hh/g/AwK5QD7bqdJWmxmKHmfyu6XvF+c= Received: by 10.49.10.3 with SMTP id n3mr10482nfi.1167379238830; Fri, 29 Dec 2006 00:00:38 -0800 (PST) Received: by 10.49.95.8 with HTTP; Fri, 29 Dec 2006 00:00:38 -0800 (PST) Message-ID: Date: Fri, 29 Dec 2006 10:00:38 +0200 From: "Kostas Kourkounis" To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: ssh session from external machine X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Dec 2006 13:47:55 -0000 Hello, I am having a small problem with the ssh daemon on my freebsd box. I am using the standard ssh daemon asked at the installation. I am able to acces my box using ssh from the internal lan network but not from any external machine. The error code is connection refused. I am using release 6.1 and my modem firewall permits the inbound traffic on port 22. I also use port forwarding for sending the traffic to port 22 to the correct machine where the ssh daemon is running. Maybe i am missing any configuration hint or something else. Does anyone has any Idea? -- kkourkounis From owner-freebsd-security@FreeBSD.ORG Fri Dec 29 15:14:37 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2483F16A415 for ; Fri, 29 Dec 2006 15:14:37 +0000 (UTC) (envelope-from piechota@argolis.org) Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [204.127.192.83]) by mx1.freebsd.org (Postfix) with ESMTP id 0D7D313C43E for ; Fri, 29 Dec 2006 15:14:37 +0000 (UTC) (envelope-from piechota@argolis.org) Received: from acropolis.argolis.org ([71.224.141.16]) by comcast.net (rwcrmhc13) with ESMTP id <20061229150113m1300iq1tfe>; Fri, 29 Dec 2006 15:01:14 +0000 Received: from acropolis.argolis.org (localhost [127.0.0.1]) by acropolis.argolis.org (8.13.6/8.13.6) with ESMTP id kBTF1CCD053694; Fri, 29 Dec 2006 10:01:12 -0500 (EST) (envelope-from piechota@argolis.org) Received: from localhost (piechota@localhost) by acropolis.argolis.org (8.13.6/8.13.6/Submit) with ESMTP id kBTF1B3r053691; Fri, 29 Dec 2006 10:01:12 -0500 (EST) (envelope-from piechota@argolis.org) X-Authentication-Warning: acropolis.argolis.org: piechota owned process doing -bs Date: Fri, 29 Dec 2006 10:01:11 -0500 (EST) From: Matt Piechota To: Kostas Kourkounis In-Reply-To: Message-ID: <20061229095905.L11633@acropolis.argolis.org> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-security@freebsd.org Subject: Re: ssh session from external machine X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Dec 2006 15:14:37 -0000 On Fri, 29 Dec 2006, Kostas Kourkounis wrote: > I am having a small problem with the ssh daemon on my freebsd box. I am > using the standard ssh daemon asked at the installation. I am able to acces > my box using ssh from the internal lan network but not from any external > machine. The error code is connection refused. I am using release 6.1 and my > modem firewall permits the inbound traffic on port 22. I also use port > forwarding for sending the traffic to port 22 to the correct machine where > the ssh daemon is running. Maybe i am missing any configuration hint or > something else. > Does anyone has any Idea? The first step I'd take would be to run tcpdump on your internal machine to verify that the packets are getting through the firewall, and if the internal machine is responding. That's just troubleshooting 101. -- Matt Piechota From owner-freebsd-security@FreeBSD.ORG Fri Dec 29 15:27:35 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9030E16A40F for ; Fri, 29 Dec 2006 15:27:35 +0000 (UTC) (envelope-from derek@computinginnovations.com) Received: from betty.computinginnovations.com (dsl081-227-250.chi1.dsl.speakeasy.net [64.81.227.250]) by mx1.freebsd.org (Postfix) with ESMTP id 0249E13C455 for ; Fri, 29 Dec 2006 15:27:34 +0000 (UTC) (envelope-from derek@computinginnovations.com) Received: from p28.computinginnovations.com (dhcp-10-20-30-100.computinginnovations.com [10.20.30.100]) (authenticated bits=0) by betty.computinginnovations.com (8.13.6/8.12.11) with ESMTP id kBTF6Qtw018461; Fri, 29 Dec 2006 09:06:26 -0600 (CST) Message-Id: <6.0.0.22.2.20061229090258.024cbd50@mail.computinginnovations.com> X-Sender: derek@mail.computinginnovations.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Fri, 29 Dec 2006 09:05:27 -0600 To: "Kostas Kourkounis" , freebsd-security@freebsd.org From: Derek Ragona In-Reply-To: References: Mime-Version: 1.0 X-ComputingInnovations-MailScanner-Information: Please contact the ISP for more information X-ComputingInnovations-MailScanner: Found to be clean X-ComputingInnovations-MailScanner-From: derek@computinginnovations.com X-Spam-Status: No Content-Type: text/plain; charset="us-ascii"; format=flowed X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: ssh session from external machine X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Dec 2006 15:27:35 -0000 Check your /etc/hosts.allow that you don't have any restrictions there or at the least allow sshd connections from the IP of your firewall. If there is nothing preventing the connection on the FreeBSD box, check your firewall's docs for configuring ssh access through the firewall. It may need more than just port 22 forwarded. -Derek At 02:00 AM 12/29/2006, Kostas Kourkounis wrote: >Hello, > >I am having a small problem with the ssh daemon on my freebsd box. I am >using the standard ssh daemon asked at the installation. I am able to acces >my box using ssh from the internal lan network but not from any external >machine. The error code is connection refused. I am using release 6.1 and my >modem firewall permits the inbound traffic on port 22. I also use port >forwarding for sending the traffic to port 22 to the correct machine where >the ssh daemon is running. Maybe i am missing any configuration hint or >something else. >Does anyone has any Idea? > >-- >kkourkounis >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. >MailScanner thanks transtec Computers for their support. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support.