possible problem with scp/ssh/telnet
David G. Miller
dave at davenjudy.org
Sun Aug 12 23:12:13 UTC 2012
Paul Allen Newell <pnewell <at> cs.cmu.edu> writes:
> Up until recently, I have been able to scp/ssh from my F16 box to my
> WinXP under cygwin without problem. Today, it appears that isn't the case.
<SNIP>
>it is logging errors and I see the following:
>
> Aug 11 23:43:43 yoyo kernel: [ 779.725071] <IPTABLES: LOG REJECT>
> IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:8c:c3:21:d6:08:00
> SRC=192.168.2.14 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128
> ID=33554 PROTO=UDP SPT=138 DPT=138 LEN=209
<SNIP>
>
Just a quick lesson in reading IP tables logs. For first level connection
debugging I find the following pieces of information in the log to be most
useful:
SRC=IP address of the sending system
DST=IP address of the destination system
Do an ifconfig (Linux) or ipconfig (Windows) to see what the IP address is for
both end points. Verifying these lets you make sure the problem isn't DNS.
PROTO=The protocol for the communication. Typically one of UDP, TCP or ICMP.
ssh and telnet use TCP so these log entries are for something else.
SPT=Source port. Can be interesting if you have outbound firewall filter rules
(most people don't).
DPT=Destination port. Identifies the service requested at the destination.
Look in /etc/services for definitions. ssh is service (or port 22) and telnet
is service (or port) 23. Your log entries are to port 138 so, again, nothing to
do with ssh or telnet.
Cheers,
Dave
More information about the users
mailing list