I've got two machines here, one running RH9 and the other running FC3.
I can use ssh or WebMin to connect to the RH9 machine from the FC3 machine. I use firestarter to open the required port. And I have CUPS configured to print from the FC3 machine to the printer on the RH9 machine.
But I cannot get a connection the other way around. Even when I try switching the firewall off. And I know that WebMin is running on FC3 because I can log in using localhost. The only communication I have achieved from the RH9 to the FC3 machine is ping. It just seems to completely ignore everything else.
Can anybody suggest to me what I might be missing?
Thanks
Dave Fletcher
David Fletcher wrote:
I've got two machines here, one running RH9 and the other running FC3.
I can use ssh or WebMin to connect to the RH9 machine from the FC3 machine. I use firestarter to open the required port. And I have CUPS configured to print from the FC3 machine to the printer on the RH9 machine.
But I cannot get a connection the other way around. Even when I try switching the firewall off. And I know that WebMin is running on FC3 because I can log in using localhost. The only communication I have achieved from the RH9 to the FC3 machine is ping. It just seems to completely ignore everything else.
Can anybody suggest to me what I might be missing?
Thanks
Dave Fletcher
Dave,
I am having a similar problem with FC3 and RH8 with sendmail, and have not resolved the problem. I am sure you have activated the services that you want to use, but I would double check that for sure. I am able to telnet and ssh back and forth between each machine, but have not found the roadblock for sendmail yet.
I'll be watching your thread too. Good Luck!
Greg Ennis
On Fri, 26.11.2004 at 23:12, David Fletcher wrote:
I've got two machines here, one running RH9 and the other running FC3.
I can use ssh or WebMin to connect to the RH9 machine from the FC3 machine. I use firestarter to open the required port. And I have CUPS configured to print from the FC3 machine to the printer on the RH9 machine.
But I cannot get a connection the other way around. Even when I try switching the firewall off. And I know that WebMin is running on FC3 because I can log in using localhost. The only communication I have achieved from the RH9 to the FC3 machine is ping. It just seems to completely ignore everything else.
Dave Fletcher
From RH9 run "nmap -vvv -sS FC3_host_IP" to see which ports say something. On the FC3 machine run "iptables -nvL" to see what your firewall setup says. With "netstat -tualpen" you can list services listening.
Alexander
On Friday 26 Nov 2004 11:57 pm, Gregory P. Ennis wrote:
David Fletcher wrote:
I've got two machines here, one running RH9 and the other running FC3.
I can use ssh or WebMin to connect to the RH9 machine from the FC3 machine. I use firestarter to open the required port. And I have CUPS configured to print from the FC3 machine to the printer on the RH9 machine.
But I cannot get a connection the other way around. Even when I try switching the firewall off. And I know that WebMin is running on FC3 because I can log in using localhost. The only communication I have achieved from the RH9 to the FC3 machine is ping. It just seems to completely ignore everything else.
Can anybody suggest to me what I might be missing?
Thanks
Dave Fletcher
Dave,
I am having a similar problem with FC3 and RH8 with sendmail, and have not resolved the problem. I am sure you have activated the services that you want to use, but I would double check that for sure. I am able to telnet and ssh back and forth between each machine, but have not found the roadblock for sendmail yet.
I'll be watching your thread too. Good Luck!
Greg Ennis
Greg,
It was sending email from the RH9 to the FC3 machine that I wanted to try in the first place. Nothing happened. So I installed firestarter on the FC3 machine because it monitors firewall hits in a convenient fashion. Nothing.
Both machines web browse etc. OK, so tomorrow I might try to send a message from the FC3 to the RH9 machine.
Dave F
On Saturday 27 Nov 2004 12:45 am, Alexander Dalloz wrote:
On Fri, 26.11.2004 at 23:12, David Fletcher wrote:
I've got two machines here, one running RH9 and the other running FC3.
I can use ssh or WebMin to connect to the RH9 machine from the FC3 machine. I use firestarter to open the required port. And I have CUPS configured to print from the FC3 machine to the printer on the RH9 machine.
But I cannot get a connection the other way around. Even when I try switching the firewall off. And I know that WebMin is running on FC3 because I can log in using localhost. The only communication I have achieved from the RH9 to the FC3 machine is ping. It just seems to completely ignore everything else.
Dave Fletcher
From RH9 run "nmap -vvv -sS FC3_host_IP" to see which ports say something. On the FC3 machine run "iptables -nvL" to see what your firewall setup says. With "netstat -tualpen" you can list services listening.
Alexander
Alexander,
I've now done a little reading and hopefully a little learning about this, taken the advice of the RHCE who runs the server for us at work, and still it won't work! The only contact I can get to work with this machine is ping.
Here are the current listings from the nmap and iptables again:-
From the RH9 machine:-
[root@boss root]# nmap -vvv -sS 192.168.2.100
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
Host james.18sn55fy (192.168.2.100) appears to be up ... good.
Initiating SYN Stealth Scan against james.18sn55fy (192.168.2.100)
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
Adding open port 111/tcp
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
Adding open port 22/tcp
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
Adding open port 1025/tcp
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
The SYN Stealth Scan took 6 seconds to scan 1601 ports.
Interesting ports on james.18sn55fy (192.168.2.100):
(The 1598 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
111/tcp open sunrpc
1025/tcp open NFS-or-IIS
Nmap run completed -- 1 IP address (1 host up) scanned in 6 seconds
[root@boss root]#
and from the FC3 machine:-
Chain INPUT (policy ACCEPT 32866 packets, 19M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 31379 packets, 4813K bytes)
pkts bytes target prot opt in out source destination
As you can see I've cleared out all the rules, and set the policies to ACCEPT. This machine web browses OK so the network interface is working, but still I can't get webmin on it to respond remotely. I've tried changing the listening address of webmin to 20000 which still worked locally but not through the LAN from this machine.
Any ideas about what else to try?
Thanks
Dave Fletcher
On Tue, 07.12.2004 at 23:01, David Fletcher wrote:
On the FC3 machine run "iptables -nvL" to see what your firewall setup says. With "netstat -tualpen" you can list services listening.
I've now done a little reading and hopefully a little learning about this, taken the advice of the RHCE who runs the server for us at work, and still it won't work! The only contact I can get to work with this machine is ping.
From the RH9 machine:-
[root@boss root]# nmap -vvv -sS 192.168.2.100
Port State Service
22/tcp open ssh
111/tcp open sunrpc
1025/tcp open NFS-or-IIS
So it doesn't see anything on port 10000 (default webmin port).
Nmap run completed -- 1 IP address (1 host up) scanned in 6 seconds
[root@boss root]#
As you can see I've cleared out all the rules, and set the policies to ACCEPT. This machine web browses OK so the network interface is working, but still I can't get webmin on it to respond remotely. I've tried changing the listening address of webmin to 20000 which still worked locally but not through the LAN from this machine.
Dave Fletcher
What does "netstat -talpen | grep perl" on the webmin host print out? What webmin do you run? How is it installed? Did you customize its setup? Check the content of /etc/webmin/miniserv.conf, especially for being bound to a specific IP.
Alexander
What does "netstat -talpen | grep perl" on the webmin host print out? What webmin do you run? How is it installed? Did you customize its setup? Check the content of /etc/webmin/miniserv.conf, especially for being bound to a specific IP.
Alexander
I'll try the netstat command again tomorrow - the FC3 machine is in my son's bedroom and he's asleep right now.
Another thought that occurred to me - Does it matter which of the installation options are selected? I think the choices were Desktop, Workstation, Server or Custom, and could a wrong choice (if there is one) cause a problem like this?
Thanks
Dave Fletcher
On Tue, 07.12.2004 at 23:41, David Fletcher wrote:
Another thought that occurred to me - Does it matter which of the installation options are selected? I think the choices were Desktop, Workstation, Server or Custom, and could a wrong choice (if there is one) cause a problem like this?
Dave Fletcher
No, these install options only influence which sets of applications will be installed.
Alexander
On Tuesday 07 Dec 2004 10:27 pm, Alexander Dalloz wrote:
What does "netstat -talpen | grep perl" on the webmin host print out? What webmin do you run? How is it installed? Did you customize its setup? Check the content of /etc/webmin/miniserv.conf, especially for being bound to a specific IP.
Alexander
It prints out this:- tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 5992 2227/perl
(I've taken out most of the spaces to make it fit on the line)
It's not just webmin that doesn't work via the LAN. I can ssh from FC3 to RH9, but it just doesn't respond the other way.
Dave
On Wed, 08.12.2004 at 20:54, David Fletcher wrote:
On Tuesday 07 Dec 2004 10:27 pm, Alexander Dalloz wrote:
What does "netstat -talpen | grep perl" on the webmin host print out? What webmin do you run? How is it installed? Did you customize its setup? Check the content of /etc/webmin/miniserv.conf, especially for being bound to a specific IP.
Alexander
It prints out this:- tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 5992 2227/perl
(I've taken out most of the spaces to make it fit on the line)
So it properly listens.
It's not just webmin that doesn't work via the LAN. I can ssh from FC3 to RH9, but it just doesn't respond the other way.
Dave
I must confess I have run out of suggestions. Last one: run tcpdump to analyze what's going on. Before, check all device settings like IP address and netmask, check ifconfig for error numbers or else unusual values, check the routes, change switch/hub ports.
Alexander
On Wed, 2004-12-08 at 06:27, Alexander Dalloz wrote:
On Tue, 07.12.2004 at 23:01, David Fletcher wrote:
On the FC3 machine run "iptables -nvL" to see what your firewall setup says. With "netstat -tualpen" you can list services listening.
I've now done a little reading and hopefully a little learning about this, taken the advice of the RHCE who runs the server for us at work, and still it won't work! The only contact I can get to work with this machine is ping.
From the RH9 machine:-
[root@boss root]# nmap -vvv -sS 192.168.2.100
Port State Service
22/tcp open ssh
111/tcp open sunrpc
1025/tcp open NFS-or-IIS
So it doesn't see anything on port 10000 (default webmin port).
try nmap -vvv -p 10000 xxx.xxx.xxx
Nmap run completed -- 1 IP address (1 host up) scanned in 6 seconds
[root@boss root]#
As you can see I've cleared out all the rules, and set the policies to ACCEPT. This machine web browses OK so the network interface is working, but still I can't get webmin on it to respond remotely. I've tried changing the listening address of webmin to 20000 which still worked locally but not through the LAN from this machine.
Dave Fletcher
What does "netstat -talpen | grep perl" on the webmin host print out? What webmin do you run? How is it installed? Did you customize its setup? Check the content of /etc/webmin/miniserv.conf, especially for being bound to a specific IP.
Alexander
-- Ow Mun Heng Gentoo/Linux on D600 1.4Ghz Neuromancer 22:24:35 up 44 min, 1 average: 1.60, 2.89, 1.51
I must confess I have run out of suggestions. Last one: run tcpdump to analyze what's going on. Before, check all device settings like IP address and netmask, check ifconfig for error numbers or else unusual values, check the routes, change switch/hub ports.
Alexander
I suppose this thread's a bit old now, but for the benefit of anybody else who has this trouble, I found the problem.
The problem was not with the FC3 machine I was trying to connect into, it was my RH9 machine. I assumed that because it has always web browsed, collected email etc. without any trouble it could not be at fault. It was sending my commands to the FC3 machine but the firewall was blocking the replies. I've set the FC3 machine (using Firestarter) to be a trusted host, and now it works.
Sometimes the trouble is not with the equipment, it is actually caused by not realising that an assumption is being made.
Thanks to everybody who tried to help with this.
Dave Fletcher
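Added example, not part of the original thread: the nmap transcript posted earlier is full of "sendto ... Operation not permitted" lines, and on Linux a root process normally gets that error when the packet filter on the sending host itself refuses the outgoing packet, so a scan showing them points at the client side, consistent with the resolution above. The script below triages a saved transcript on that basis; the function names, verdict words and the abridged sample transcript are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: abridged transcript in the format posted in this thread.
sample_transcript() {
cat <<'EOF'
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
Host james.18sn55fy (192.168.2.100) appears to be up ... good.
Initiating SYN Stealth Scan against james.18sn55fy (192.168.2.100)
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
Adding open port 22/tcp
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.2.100, 16) => Operation not permitted
Port       State       Service
22/tcp     open        ssh
111/tcp    open        sunrpc
1025/tcp   open        NFS-or-IIS
EOF
}

# triage_scan PORT   (scanner transcript on stdin)
# Prints a verdict followed by the evidence it was based on:
#   local-filter  probes were rejected on the scanning host, so the port
#                 list is unreliable; check the local firewall first
#   reachable     no local send errors and PORT is reported open
#   not-seen      no local send errors, PORT not reported open; look at
#                 the remote listener and the remote firewall
triage_scan() {
    awk -v want="$1" '
        /sendto.*Operation not permitted/ { eperm++ }
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            nopen++
            if ($1 == (want "/tcp")) found = 1
        }
        END {
            if (eperm > 0)  verdict = "local-filter"
            else if (found) verdict = "reachable"
            else            verdict = "not-seen"
            printf "%s eperm=%d open=%d\n", verdict, eperm, nopen
        }'
}

# Webmin default port, as discussed in the thread.
sample_transcript | triage_scan 10000
```

A "local-filter" verdict means the next command to run is "iptables -nvL" on the scanning machine, not on the target.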