possible problem with scp/ssh/telnet --- additional info

Paul Allen Newell pnewell at cs.cmu.edu
Sun Aug 12 07:06:32 UTC 2012


On 8/11/2012 11:59 PM, Paul Allen Newell wrote:
> Hello:
>
> Up until recently, I have been able to scp/ssh from my F16 box to my 
> WinXP under cygwin without problem. Today, it appears that isn't the 
> case.
>
> Last "yum update" was 29jul12. Cygwin hasn't changed in months (once I 
> have something that works I am loath to update as I don't really get 
> it well enough to ride a more bleeding edge)
>
> I can ping both ways but can only scp/ssh from cygwin to F16 (though I 
> don't use it, I tested telnet and got the same results). I swapped in 
> my "log all problems" version of iptables on the F16 box and can see 
> that it is logging errors and I see the following:
>
> +++
> Aug 11 23:43:43 yoyo kernel: [ 779.725071] <IPTABLES: LOG REJECT> 
> IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:8c:c3:21:d6:08:00 
> SRC=192.168.2.14 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 
> ID=33554 PROTO=UDP SPT=138 DPT=138 LEN=209
> Aug 11 23:43:48 yoyo kernel: [ 785.386501] <IPTABLES: LOG REJECT> 
> IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:8c:c3:21:d6:08:00 
> SRC=192.168.2.14 DST=192.168.2.255 LEN=234 TOS=0x00 PREC=0x00 TTL=128 
> ID=33555 PROTO=UDP SPT=138 DPT=138 LEN=214
> +++
>
> I did a google but this information is pretty much Greek to me so I 
> didn't find anything because I didn't understand how to find something
>
> My big question is "any suggestions?" There is a second minor issue 
> about is there a way to force iptables to immediately flush a message 
> to the log file as I had to wait about 10 minutes to get something.
>
> Thanks in advance,
> Paul

Of course, after sending this I realized that it might be helpful if I 
sent a copy of my iptables, sorry for not having that thought before I 
sent the initial email (groan)

+++
[root@yoyo ~]# more /etc/sysconfig/iptables
# Generated by iptables-save v1.4.12 on Sat Aug 11 23:29:10 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 192.168.2.0/24 -p udp -m state --state NEW -m udp --dport 631
-A INPUT -s 127.0.0.1/32 -d 192.168.2.0/24 -p tcp -m state --state NEW -m tcp --dport 631
-A INPUT -j LOG --log-prefix "<IPTABLES: LOG REJECT> "
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Aug 11 23:29:10 2012
[root@yoyo ~]#
+++
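
An added example (not part of the original post): a small parser for the kernel LOG lines quoted above that splits the MAC field into destination and source addresses and tallies rejected packets by protocol, destination port and link-layer broadcast status. The function names are made up for illustration, and the sample input is the two entries from the post rejoined onto single lines.

```python
import re
from collections import Counter

# The two kernel log entries from the post, each rejoined onto a single line.
COMMON = ("<IPTABLES: LOG REJECT> IN=eth0 OUT= "
          "MAC=ff:ff:ff:ff:ff:ff:00:1e:8c:c3:21:d6:08:00 "
          "SRC=192.168.2.14 DST=192.168.2.255 ")
SAMPLE = [
    "Aug 11 23:43:43 yoyo kernel: [ 779.725071] " + COMMON +
    "LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=33554 PROTO=UDP SPT=138 DPT=138 LEN=209",
    "Aug 11 23:43:48 yoyo kernel: [ 785.386501] " + COMMON +
    "LEN=234 TOS=0x00 PREC=0x00 TTL=128 ID=33555 PROTO=UDP SPT=138 DPT=138 LEN=214",
]

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one LOG line as a dict."""
    fields = {}
    for key, value in FIELD.findall(line):
        # LEN occurs twice (IP total length, then UDP length); keep the first.
        fields.setdefault(key, value)
    mac = fields.get("MAC", "").split(":")
    if len(mac) == 14:  # Ethernet header: 6 bytes dst, 6 bytes src, 2 bytes type
        fields["MAC_DST"] = ":".join(mac[:6])
        fields["MAC_SRC"] = ":".join(mac[6:12])
    return fields

def summarize(lines):
    """Count logged packets per (protocol, destination port, L2 broadcast?)."""
    counts = Counter()
    for fields in map(parse, lines):
        if "PROTO" not in fields:
            continue  # not a packet log line
        broadcast = fields.get("MAC_DST") == "ff:ff:ff:ff:ff:ff"
        counts[(fields["PROTO"], fields.get("DPT"), broadcast)] += 1
    return counts

def logged_for(lines, proto, port):
    """True if any logged packet was aimed at proto/port, e.g. ('TCP', '22')."""
    return any(f.get("PROTO") == proto and f.get("DPT") == port
               for f in map(parse, lines))

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(key, n)
    print("TCP/22 entries present:", logged_for(SAMPLE, "TCP", "22"))
```

On the two entries from the post this reports two UDP packets to port 138 addressed to the broadcast MAC, and no entries for TCP port 22.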




