Date: Mon, 3 Sep 2001 20:08:38 -0300
From: "Conrado Vardanega" <cvspam@ig.com.br>
To: "Chris BeHanna" <behanna@zbzoom.net>
Cc: <freebsd-stable@freebsd.org>
Subject: Re: Access disallowed through ssh
Message-ID: <NDBBLGPICDCECKDGFCGFAECPCKAA.cvspam@ig.com.br>
In-Reply-To: <20010903185529.B14526-100000@topperwein.dyndns.org>

Ok, there is more information about the problem:

-- it's NOT the hosts.allow, it's "ALL : ALL : allow" and I don't even have a
   PARANOID line there.

-- it's NOT a firewall matter, I've no firewall rules at this machine and
   people can "telnet 200.193.xx.xx 22" and get tcp sessions open. Therefore
   the Network Layer is ok.

-- it's NOT a reverse/unmatching dns entry. Both, public and private addresses,
   are named and they're all matching correctly.

Thanks!

Conrado

> -----Original message-----
> From: owner-freebsd-stable@FreeBSD.ORG
> [mailto:owner-freebsd-stable@FreeBSD.ORG] On behalf of Chris BeHanna
> Sent: Monday, September 3, 2001 20:01
> To: FreeBSD-Stable
> Subject: Re: Access disallowed through ssh
>
>
> On Mon, 3 Sep 2001, Conrado Vardanega wrote:
>
> > I've a small network, from which I can ssh to my local server, which is
> > 192.168.3.1/24.
> >
> > From any other IP addresses, however, I'm having access disallowed,
> > getting the following message:
> >
> > "Received disconnect from 200.193.xx.xx: 2: Sorry, you are not allowed to
> > connect."
> >
> > Note: 200.193.xx.xx is the address of the router that does NAT and
> > forwards its port 22/tcp to the server.
> >
> > This began sometime with no apparent changes to the system. The
> > hosts.allow is default, which already allowed me access it in the past.
>
> hosts.allow recently got this line as its first rule via mergemaster:
>
> ALL : PARANOID : RFC931 20 : deny
>
> If your NAT box has forward and reverse DNS records and they don't
> match, you're out of there.
>
> There were also some rule changes merged into /etc/rc.firewall the
> last time around.
>
> > Any hint of what could be?
>
> Check /var/log/messages and /var/log/security to see if you're
> filtering yourself out. Watch the server's NIC interface with tcpdump
> to see if packets are actually getting forwarded to it.
>
> Another thought: is this one of those cable/DSL router/firewall
> thingies? Go into its web admin interface and make sure the rules are
> what you think they are. Perhaps it got reset by a brief power
> interruption or something.
>
> --
> Chris BeHanna
> Software Engineer (Remove "bogus" before responding.)
> behanna@bogus.zbzoom.net
> I was raised by a pack of wild corn dogs.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
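
The PARANOID test mentioned in the quoted reply, modelled as an added example (not part of the original messages and not libwrap's own code). The DNS tables, addresses and host names are constructed; the handling of a client with no PTR record ("unknown", not "paranoid") and the simplified rule matcher are assumptions of this sketch.

```python
"""Added sketch of the forward-confirmed reverse DNS test behind PARANOID."""

# Constructed DNS data (documentation address ranges, hypothetical names).
PTR = {
    "192.0.2.10": "nat.example.net",    # PTR and A records agree
    "192.0.2.20": "gw.example.net",     # PTR exists, A points elsewhere
    "192.0.2.30": "ghost.example.net",  # PTR exists, name has no A record
}
A = {
    "nat.example.net": ["192.0.2.10"],
    "gw.example.net": ["198.51.100.7"],
}


def classify(ip, ptr=PTR, a=A):
    """Return the host name this sketch assigns to a client address."""
    name = ptr.get(ip)
    if name is None:
        return "unknown"   # assumption: no reverse record is not a mismatch
    if ip not in a.get(name.lower(), []):
        return "paranoid"  # the name does not map back to the address
    return name


def first_match(rules, ip):
    """Evaluate (client_pattern, action) rules in order; first match wins."""
    name = classify(ip)
    for pattern, action in rules:
        if pattern == "ALL" or (pattern == "PARANOID" and name == "paranoid"):
            return action
    return "allow"         # nothing matched: access is granted


# Rule order quoted in the thread, reduced to (client pattern, action).
MERGED = [("PARANOID", "deny"), ("ALL", "allow")]
# The single rule the poster reports having.
POSTER = [("ALL", "allow")]


def report(ips=tuple(PTR) + ("192.0.2.40",)):
    """Map each address to (assigned name, verdict MERGED, verdict POSTER)."""
    return {ip: (classify(ip), first_match(MERGED, ip), first_match(POSTER, ip))
            for ip in ips}


if __name__ == "__main__":
    for ip, row in report().items():
        print(ip, *row)
```
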