nanomir
06-01-2009, 00:50
Hi all,
Have a strange problem. I managed to get dropbear and other stuff running using 1.9.2.7-9, and I've also used
iptables -I INPUT 1 -p all --dport 22 -j ACCEPT so when scanning from http://www.pcflank.com/scanner1.htm I can see I have port 22 open - and I can also connect via SSH from my mobile phone using PocketTTY - so all should be good there. Of course, locally via Putty I connect to dropbear no problem.
But I've had a problem getting svn+ssh to work, so in the hope of troubleshooting I tried to log in via ssh to a PC at work, and then ssh from there to the router. I got connection refused *every time*. Now, I remembered that I had disabled "Respond Ping Request from WAN?" and set "Logged packets type:" to None, so as to lower resource usage.
First I tried enabling ping response, and rebooted from the web page. Immediately after the router reboots, I can connect via ssh to the router the very first time from the remote shell, but after that I cannot.
Then I set logged packets to drop, again rebooted from the web page, logged in via telnet to the router and watched "*tail -f /tmp/syslog.log*", and then tried something like this:
workuser@remotePCatWork:~$ ssh root@myrouter.somedns.com
ssh: connect to host myrouter.somedns.com port 22: Connection refused
workuser@remotePCatWork:~$ ssh root@myrouter.somedns.com -D myrouter.somedns.com:22
Privileged ports can only be forwarded by root.
workuser@remotePCatWork:~$ telnet myrouter.somedns.com
Trying myrouter.somedns.com... (*waits, ctrl-C to break - observe dropped packets in log locally*)
workuser@remotePCatWork:~$ telnet myrouter.somedns.com 22
Trying myrouter.somedns.com...
Connected to myrouter.somedns.com.
workuser@remotePCatWork:~$ svn list svn+ssh://root@myrouter.somedns.com/opt/share/svn/testrepo
root@myrouter.somedns.com's password: (*...all seems ok...*)
Then I go back again, set logged packets to None, and again get Connection refused, even with the above procedure repeated. Which tells me that logged packet types probably must be turned on for connecting from work, but why would that be so, when I can connect, say, from my mobile (which goes via mobile internet) or locally without problems?
[EDIT]
Went back to the firewall setup in the web page, set logged packets to Dropped, rebooted, and now it won't connect again ??!! Getting connection refused all the time, and not even dropped packets are shown?? Also, pinging from the remote shell works... Could it be something at work? But if port 22 was blocked (and I asked, it shouldn't be) then why did it already let me connect twice??
[EDIT2] Just now, after a couple of minutes' wait after the reboot, I hear the hard disk start reading something, and I decide for the heck of it to connect, and I can connect ??!! Looking at the log there are 3 minutes between the last (unrelated) drop message and the next one (where apparently I hear the drive), and it looks like this:
Jan 6 01:56:56 kernel: DROP IN=eth1 OUT= ....
Jan 6 01:59:45 xinetd[143]: START: netbios-ns pid=292 from=192.168.1.3
Jan 6 01:59:53 kernel: DROP IN=eth1 OUT= ... SRC=remotePCatWorkIP ... DPT=23 (my telnet test, which should be dropped)
Jan 6 01:59:58 dropbear[293]: Child connection from ::ffff:remotePCatWorkIP:52201 (ssh test, OK connect)
Is the conclusion that I should enable logging of dropped packets, and wait to see xinetd start netbios-ns from 192.168.1.3 (which is the machine I'm executing all of this from), before connecting via ssh from the remote shell? And why? :)
Thanks,
Cheers !
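A diagnostic for the situation described in the post above, added here as an example; it is not part of nanomir's post and not part of the router firmware. It does two things: it installs an iptables LOG rule on the router so that every TCP SYN to port 22 arriving from the WAN is recorded regardless of the web UI's "Logged packets type" setting, and it reads the router syslog to decide, for one client IP, whether that client's packets reached the router at all. The point it relies on is that an iptables DROP rule never sends a TCP RST, so a client seeing "Connection refused" while the router log shows nothing from that client for port 22 means the RST came from somewhere else on the path (or from a REJECT rule), not from the router's DROP rule. The WAN interface name eth1, the log path /tmp/syslog.log, the kernel prefix "DROP", the chosen prefix "SSH22 " and the 203.0.113.x / 198.51.100.x addresses are assumptions standing in for the real values, and the sample log is constructed to mirror the lines quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post or firmware).
# Assumptions: WAN interface eth1, router log in /tmp/syslog.log, kernel log
# prefix "DROP" for dropped packets, prefix "SSH22 " chosen here for the added
# LOG rule. 203.0.113.x / 198.51.100.x are documentation addresses.

# Run once on the router as root (not executed by this script itself):
# log every new SSH attempt from the WAN *before* it is accepted or dropped,
# so the web UI logging setting no longer decides whether port 22 is visible.
install_ssh_rules() {
    iptables -I INPUT 1 -i eth1 -p tcp --dport 22 --syn -j LOG --log-prefix "SSH22 "
    # -p tcp is what makes --dport a valid match; SSH is TCP only.
    iptables -I INPUT 2 -i eth1 -p tcp --dport 22 -j ACCEPT
}

# Constructed sample of /tmp/syslog.log, modelled on the lines quoted in the post.
SAMPLE_LOG='Jan 6 01:56:56 kernel: DROP IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=198.51.100.7 LEN=48 PROTO=TCP SPT=40001 DPT=445 WINDOW=65535 SYN
Jan 6 01:59:45 xinetd[143]: START: netbios-ns pid=292 from=192.168.1.3
Jan 6 01:59:53 kernel: DROP IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.42 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=52199 DPT=23 WINDOW=5840 SYN
Jan 6 01:59:58 kernel: SSH22 IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.42 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=52201 DPT=22 WINDOW=5840 SYN
Jan 6 01:59:58 dropbear[293]: Child connection from ::ffff:203.0.113.42:52201'

# escape_ip IP: make a dotted quad safe to use as a regex (a bare "." is a wildcard)
escape_ip() { printf '%s' "$1" | sed 's/\./\\./g'; }

# count_logged PREFIX IP PORT LOG: kernel lines with PREFIX from IP to destination PORT
count_logged() {
    ip=$(escape_ip "$2")
    printf '%s\n' "$4" | grep -Ec "kernel: $1 IN=.*SRC=$ip .*DPT=$3( |\$)" || true
}

# count_accepted IP LOG: dropbear sessions from IP (dropbear logs IPv4 as ::ffff:A.B.C.D)
count_accepted() {
    ip=$(escape_ip "$1")
    printf '%s\n' "$2" | grep -Ec "dropbear\[[0-9]+\]: Child connection from (::ffff:)?$ip:" || true
}

# diagnose IP PORT LOG: one word describing what the router saw from IP on PORT
#   accepted       - the SYN was logged and/or dropbear opened a session, nothing dropped
#   router-dropped - the router's DROP rule discarded it (the client would time out,
#                    not get "Connection refused")
#   mixed          - some attempts dropped, some seen
#   not-seen       - nothing from IP to PORT reached the router at all; a client-side
#                    "Connection refused" then originates elsewhere on the path
diagnose() {
    dropped=$(count_logged DROP "$1" "$2" "$3")
    seen=$(count_logged SSH22 "$1" "$2" "$3")
    if [ "$2" = 22 ]; then
        seen=$((seen + $(count_accepted "$1" "$3")))
    fi
    if [ "$dropped" -gt 0 ] && [ "$seen" -gt 0 ]; then echo mixed
    elif [ "$dropped" -gt 0 ]; then echo router-dropped
    elif [ "$seen" -gt 0 ]; then echo accepted
    else echo not-seen
    fi
}

# Demonstration on the constructed log. On the router itself, replace "$SAMPLE_LOG"
# with "$(cat /tmp/syslog.log)" and the first field with the real client address.
for probe in "203.0.113.42 23" "203.0.113.42 22" "203.0.113.9 22"; do
    set -- $probe
    echo "$1 -> port $2: $(diagnose "$1" "$2" "$SAMPLE_LOG")"
done
```

Reading the result: "router-dropped" for the work PC's telnet probe is what a DROP rule produces and is consistent with the client hanging until ctrl-C; "accepted" for its ssh attempt matches the dropbear line; "not-seen" for a client whose ssh attempt produced "Connection refused" is the case worth pursuing, because the router never had a chance to refuse anything it did not receive, so the RST was generated upstream of it.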