possible problem with scp/ssh/telnet
Paul Allen Newell
pnewell at cs.cmu.edu
Sun Aug 12 23:27:31 UTC 2012
[inline]
On 8/12/2012 4:12 PM, David G. Miller wrote:
> Paul Allen Newell <pnewell <at> cs.cmu.edu> writes:
>
>
> <SNIP>
>
>> it is logging errors and I see the following:
>>
>> Aug 11 23:43:43 yoyo kernel: [ 779.725071] <IPTABLES: LOG REJECT>
>> IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1e:8c:c3:21:d6:08:00
>> SRC=192.168.2.14 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128
>> ID=33554 PROTO=UDP SPT=138 DPT=138 LEN=209
> <SNIP>
> Just a quick lesson in reading IP tables logs. For first level connection
> debugging I find the following pieces of information in the log to be most
> useful:
>
> SRC=IP address of the sending system
> DST=IP address of the destination system
>
> Do an ifconfig (Linux) or ipconfig (Windows) to see what the IP address is for
> both end points. Verifying these lets you make sure the problem isn't DNS.
Dave:
Thanks for reply.
I checked ifconfig/ipconfig, plus verified the hosts file on both
machines. I also checked the tcp/ip settings on the Windows side.
Everything looks correct and certainly has not changed.
>
> PROTO=The protocol for the communication. Typically one of UDP, TCP or ICMP.
> ssh and telnet use TCP so these log entries are for something else.
Missed that, thanks. I was just so happy to get a log on the two
machines that I didn't check the PROTO. I did a quick rescan of the
messages and there are no TCP entries as a PROTO. Yeah, I am confused
>
> SPT=Source port. Can be interesting if you have outbound firewall filter rules
> (most people don't).
> DPT=Destination port. Identifies the service requested at the destination.
> Look in /etc/services for definitions. ssh is service (or port 22) and telnet
> is service (or port) 23. Your log entries are to port 138 so, again, nothing to
> do with ssh or telnet.
Okay, more confusion as I am not seeing any port 22.
As mentioned in an earlier email today, everything is up and running so
I can't do any more "tests when in failure mode".
My take on this is that I should treat the info in the logs to be not
relevant, especially when I was able to prove Ed's thesis that the
problem is on the cygwin/WinXP side given powering down the Fedora box
and just running a self-referential ssh on the cygwin side generated the
"connection refused" error.
I'm going to take the risk of not putting a question mark at the end of
that sentence as I really hope that I have got this right
Paul
>
> Cheers,
> Dave
>
More information about the users
mailing list