----- Original Message -----
From: Mike Wright
Sent: 09/07/13 08:11 PM
To: Community support for Fedora users
Subject: Re: tls
09/07/2013 11:07 AM, Patrick Dupre wrote:
HELLO,
I may have made some progress. I can use SSL/TLS on a local machine, but it does not work on a remote one. I get (filezilla):
Disconnected from server
Status: Resolving address of homere
Status: Connecting to 193.49.194.196:21...
Status: Connection attempt failed with "EHOSTUNREACH - No route to host".
Error: Could not connect to server
Status: Waiting to retry...
Status: Resolving address of homere
Status: Connecting to 193.49.194.196:21...
Status: Connection attempt failed with "EHOSTUNREACH - No route to host".
Error: Could not connect to server
ssh works fine. However, I have a possible explanation. This machine is behind a firewall and, to be able to use ssh, I had to ask to have the ssh port opened. Probably the ftp port is closed. Should I ask to have it opened to use ssl/tls? Is it port 21 or 990? How can I check that port 22 is open while the other ones are closed on the firewall (I do not have admin access to this machine)?
Maybe you could use "tcpdump" in order to see which ports are used while making a connection on the local machine. That may show which ports need to be opened on the firewall.
Does it help?
21:10:02.902287 IP sophocle.60380 > Homere.ftp: Flags [S], seq 505285150, win 14600, options [mss 1460,sackOK,TS val 42253104 ecr 0,nop,wscale 7], length 0
21:10:02.988377 IP 193.51.250.170 > sophocle: ICMP host Homere unreachable - admin prohibited filter, length 36
21:10:02.988795 IP sophocle.55174 > ns1.bouygtel.net.domain: 415+ PTR? 170.250.51.193.in-addr.arpa. (45)
21:10:03.048518 IP ns1.bouygtel.net.domain > sophocle.55174: 415 NXDomain 0/1/0 (106)
21:10:07.995654 IP sophocle.60381 > Homere.ftp: Flags [S], seq 245048817, win 14600, options [mss 1460,sackOK,TS val 42258197 ecr 0,nop,wscale 7], length 0
21:10:08.998299 IP sophocle.60381 > Homere.ftp: Flags [S], seq 245048817, win 14600, options [mss 1460,sackOK,TS val 42259200 ecr 0,nop,wscale 7], length 0
21:10:09.068427 IP 193.51.250.170 > sophocle: ICMP host Homere unreachable - admin prohibited filter, length 36
===========================================================================
 Patrick DUPRÉ                                 | | email: pdupre@gmx.com
 Laboratoire de Physico-Chimie de l'Atmosphère | |
 Université du Littoral-Côte d'Opale           | |
 Tel.  (33)-(0)3 28 23 76 12                   | | Fax: 03 28 65 82 44
 189A, avenue Maurice Schumann                 | | 59140 Dunkerque, France
===========================================================================
On 07.09.2013 21:14, Patrick Dupre wrote:
Status: Resolving address of homere
Status: Connecting to 193.49.194.196:21...
Status: Connection attempt failed with "EHOSTUNREACH - No route to host".
Error: Could not connect to server
ssh works fine. However, I have a possible explanation. This machine is behind a firewall and, to be able to use ssh, I had to ask to have the ssh port opened. Probably the ftp port is closed. Should I ask to have it opened to use ssl/tls? Is it port 21 or 990? How can I check that port 22 is open while the other ones are closed on the firewall (I do not have admin access to this machine)?
21:10:09.068427 IP 193.51.250.170 > sophocle: ICMP host Homere unreachable - admin prohibited filter, length 36
is clearly a firewall in between acting like iptables "-j REJECT --reject-with icmp-admin-prohibited"
in doubt the ICMP answers mean nothing, I can reject with whatever status
http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
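
Added example, not part of the original thread: one way to check from an unprivileged client which ports the firewall passes, by attempting a TCP connect and classifying the error the kernel reports (FileZilla's EHOSTUNREACH above is what the "admin prohibited" ICMP reply turns into). The script name, function names and verdict wording are illustrative assumptions.

```python
#!/usr/bin/env python3
"""Classify how a TCP port answers a connect attempt (no root needed).

Usage (host and ports as discussed in the thread):
    python3 portcheck.py homere 22 21 990
22 = ssh, 21 = FTP control (explicit TLS), 990 = implicit FTPS.
"""
import errno
import socket
import sys

# connect() errno -> what most likely happened on the wire.
# Caveat from the thread: the reject status is chosen by whoever runs the
# filter, so a verdict tells you how the path answered, not why, and the
# answer may come from a router in between rather than from the target.
VERDICTS = {
    0: "open (SYN/ACK received)",
    errno.ECONNREFUSED: "closed (TCP RST, or a filter rejecting with a reset)",
    errno.EHOSTUNREACH: "rejected (ICMP host unreachable / admin prohibited)",
    errno.ENETUNREACH: "rejected (ICMP network unreachable)",
    errno.ETIMEDOUT: "filtered (no answer, packets probably dropped)",
}


def classify(err):
    """Map a connect() errno to a human-readable verdict."""
    name = errno.errorcode.get(err, "?")
    return VERDICTS.get(err, "unknown (errno %d: %s)" % (err, name))


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect; return 0 on success, otherwise the errno."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return 0
        except socket.timeout:
            # Silence until the timeout: typical of a DROP rule.
            return errno.ETIMEDOUT
        except OSError as e:
            return e.errno if e.errno is not None else -1


if __name__ == "__main__":
    target = sys.argv[1]
    for p in map(int, sys.argv[2:]):
        print("%s:%d  %s" % (target, p, classify(probe(target, p))))
```

A "rejected" verdict on 21 next to "open" on 22 matches the capture above: the SYN to the ftp port is answered by an ICMP unreachable from 193.51.250.170, not by Homere itself.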