...making Linux just a little more fun!

Accessing the Linux Server from Home

raj [raj at technofina.com]
Wed, 29 Nov 2006 14:53:27 -0500

Hi James, My name is Raj and I work as a technical recruiter at Technofina Inc.; we are a New York based software consulting firm. I work as a Unix admin too sometimes (I suck at it, though). Well, coming to the problem: I have a Red Hat Linux based system at our office which we use to train students on Java/J2EE. The problem is that students are able to access the Linux server (using ssh) from the office intranet, but not via the Internet from their homes. The students are able to ping the server (we have a static IP assigned to us by the ISP). I need your help in resolving the above problem.

Thanks in advance

Thanks,

-- 
Raj
Technical Recruiter
Technofina Inc.
45 West, 34 street.
New York 10001, NY.
E-Mail: raj@technofina.com
Phone : 212-629-7483.
Fax : 646-219-2466



Karl-Heinz Herrmann [kh1 at khherrmann.de]
Wed, 29 Nov 2006 21:24:36 +0100 (MET)

On Wed, 29 Nov 2006 14:53:27 -0500 "raj" <raj@technofina.com> wrote:

>       the problem, i have a Red hat Linux based system at our office
>       which we use to train students on java/j2ee, the problem is that
>       students are able to access the linux server(using ssh) from the
>       office intranet, but not via internet from their homes.
>                 The students are able to ping the server(we have a
>                 static IP assigned to us by the ISP).

I'm not familiar with Red Hat -- but have a look at the firewall configuration and check if there are any restrictions for port 22 (ssh) on your machine (or the router which keeps the line to the outside world). This could also be your ISP -- but ping getting through and ssh not would be weird. On the other hand there are still ISPs out there which never heard of anything newer than telnet -- so asking them anyway might not hurt.

K.-H.




Karl-Heinz Herrmann [kh1 at khherrmann.de]
Wed, 29 Nov 2006 21:29:54 +0100 (MET)

[I forgot raj's CC anyway, so here with something more]

On Wed, 29 Nov 2006 14:53:27 -0500 "raj" <raj@technofina.com> wrote:

>       the problem, i have a Red hat Linux based system at our office
>       which we use to train students on java/j2ee, the problem is that
>       students are able to access the linux server(using ssh) from the
>       office intranet, but not via internet from their homes.
>                 The students are able to ping the server(we have a
>                 static IP assigned to us by the ISP).

I'm not familiar with Red Hat -- but have a look at the firewall configuration and check if there are any restrictions for port 22 (ssh) on your machine (or the router which keeps the line to the outside world). This could also be your ISP -- but ping getting through and ssh not would be weird. On the other hand there are still ISPs out there which never heard of anything newer than telnet -- so asking them anyway might not hurt.

Just in case you are talking about technofina.com (70.86.149.8):

:~> ping technofina.com
PING technofina.com (70.86.149.8) 56(84) bytes of data.
64 bytes from 8.95.5646.static.theplanet.com (70.86.149.8): icmp_seq=1 ttl=108 time=210 ms
64 bytes from 8.95.5646.static.theplanet.com (70.86.149.8): icmp_seq=2 ttl=108 time=211 ms
64 bytes from 8.95.5646.static.theplanet.com (70.86.149.8): icmp_seq=3 ttl=108 time=210 ms
 
--- technofina.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 210.325/210.683/211.379/0.492 ms
 
 
:~> telnet 70.86.149.8 22
Trying 70.86.149.8...
telnet: connect to address 70.86.149.8: Connection refused

and this was a very quick reply, so something was not just letting me run into a blocked firewall but the connection was actively refused, which means firewall or ssh config. Is sshd running on its own or started on demand via [x]inetd and a wrapper which checks permissions to connect?

K.-H.
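
The distinction drawn in the message above (a fast "Connection refused" versus a connect that hangs until it times out) can be checked with a single TCP connect. This is an added example, not part of the original thread; `probe`, `classify_error` and `MEANING` are names made up here, and the demo only touches a throwaway listener on 127.0.0.1.

```python
import errno
import socket
import time

# What each outcome says about the path between client and server.
MEANING = {
    "open": "a service accepted the connection",
    "refused": "host reachable, but nothing listens there or a firewall REJECTs",
    "filtered": "no reply before the timeout: packets are dropped on the way",
    "unreachable": "no route to the host or network",
    "error": "other failure, e.g. name resolution",
}

def classify_error(exc):
    """Map a failed connect() to one of the MEANING keys."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def probe(host, port, timeout=3.0):
    """Try one TCP connect; return (state, seconds taken)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"
    except OSError as exc:
        state = classify_error(exc)
    return state, time.monotonic() - start

if __name__ == "__main__":
    # Constructed demo on loopback only: a throwaway listener, then the same
    # port after the listener is gone.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    for label in ("listener up", "listener closed"):
        state, took = probe("127.0.0.1", port)
        print(f"{label}: {state} in {took:.3f}s ({MEANING[state]})")
        srv.close()
```

Run from a student's home connection against the office server's port 22, a "refused" result within milliseconds points at the host or a rejecting firewall, while "filtered" after the full timeout points at something silently dropping packets.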




Benjamin A. Okopnik [ben at linuxgazette.net]
Wed, 29 Nov 2006 23:21:34 -0500

On Wed, Nov 29, 2006 at 09:29:54PM +0100, Karl-Heinz Herrmann wrote:

> 
> Just in case you are talking about technofina.com (70.86.149.8):
> 
> :~> ping technofina.com
> PING technofina.com (70.86.149.8) 56(84) bytes of data.
> 64 bytes from 8.95.5646.static.theplanet.com (70.86.149.8): icmp_seq=1 ttl=108 time=210 ms
> 64 bytes from 8.95.5646.static.theplanet.com (70.86.149.8): icmp_seq=2 ttl=108 time=211 ms
> 64 bytes from 8.95.5646.static.theplanet.com (70.86.149.8): icmp_seq=3 ttl=108 time=210 ms
> 
> --- technofina.com ping statistics ---
> 3 packets transmitted, 3 received, 0% packet loss, time 1999ms
> rtt min/avg/max/mdev = 210.325/210.683/211.379/0.492 ms
> 
> 
> :~> telnet 70.86.149.8 22
> Trying 70.86.149.8...
> telnet: connect to address 70.86.149.8: Connection refused
> 
> and this was a very quick reply, so something was not just letting me
> run into a blocked firewall but the connection was actively refused,
> which means firewall or ssh config.  Is sshd running on its own or
> started on demand via [x]inetd and a wrapper which checks permissions to
> connect? 

I doubt that there's a firewall there - or that it's the right box.

ben@Fenrir:~$ nmap -v -A technofina.com
 
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-11-29 23:00 EST
Machine 70.86.149.8 MIGHT actually be listening on probe port 80
DNS resolution of 1 IPs took 0.29s.
Initiating Connect() Scan against 8.95.5646.static.theplanet.com (70.86.149.8) [1680 ports] at 23:01
Discovered open port 21/tcp on 70.86.149.8
Discovered open port 3389/tcp on 70.86.149.8
Discovered open port 25/tcp on 70.86.149.8
Discovered open port 554/tcp on 70.86.149.8
Discovered open port 443/tcp on 70.86.149.8
Discovered open port 80/tcp on 70.86.149.8
Discovered open port 1234/tcp on 70.86.149.8
Discovered open port 808/tcp on 70.86.149.8
Discovered open port 1222/tcp on 70.86.149.8
Discovered open port 1755/tcp on 70.86.149.8
Discovered open port 3306/tcp on 70.86.149.8
Discovered open port 1248/tcp on 70.86.149.8
Discovered open port 2105/tcp on 70.86.149.8
The Connect() Scan took 423.03s to scan 1680 total ports.
Initiating service scan against 13 services on 8.95.5646.static.theplanet.com (70.86.149.8) at 23:08
Stats: 0:07:23 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 46.15% done; ETC: 23:08 (0:00:15 remaining)
The service scan took 72.83s to scan 13 services on 1 host.
Host 8.95.5646.static.theplanet.com (70.86.149.8) appears to be up ... good.
Interesting ports on 8.95.5646.static.theplanet.com (70.86.149.8):
Not shown: 1662 closed ports
PORT     STATE    SERVICE       VERSION
21/tcp   open     ftp           Rhinosoft Serv-U FTP
25/tcp   open     smtp          Microsoft ESMTP 6.0.3790.1830
80/tcp   open     http          Microsoft IIS webserver 6.0
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
443/tcp  open     https?
445/tcp  filtered microsoft-ds
554/tcp  open     rtsp          Microsoft Windows Media Server 9.0.0.3372
808/tcp  open     ccproxy-http?
1023/tcp filtered netvenuechat
1222/tcp open     msrpc         Microsoft Windows RPC
1234/tcp open     http          Microsoft IIS httpd
1248/tcp open     nsclient      Netsaint Windows Client
1755/tcp open     wms?
2105/tcp open     msrpc         Microsoft Windows RPC
3306/tcp open     mysql         MySQL 4.1.12-nt
3389/tcp open     microsoft-rdp Microsoft Terminal Service
4444/tcp filtered krb524
Service Info: Host: w3.hamarashehar.com; OS: Windows
 
Nmap finished: 1 IP address (1 host up) scanned in 503.064 seconds

That's a bunch of open ports - many of which (e.g., 139 and 1222) would be the first things hidden behind a firewall if one was available. It allows FTP, IIS/HTTP access... that's pretty much an unprotected system. Also note that it's a Windows box - i.e., presumably not the RedHat system that's being asked about.

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *



Faber J. Fedor [faber at linuxnj.com]
Thu, 30 Nov 2006 00:02:32 -0500

On 29/11/06 23:21 -0500, Benjamin A. Okopnik wrote:

> ben@Fenrir:~$ nmap -v -A technofina.com
<snip>

> Not shown: 1662 closed ports
> PORT     STATE    SERVICE       VERSION
> 21/tcp   open     ftp           Rhinosoft Serv-U FTP
> 25/tcp   open     smtp          Microsoft ESMTP 6.0.3790.1830
> 80/tcp   open     http          Microsoft IIS webserver 6.0

<more snippage>

You know, I always assumed nmap looked up the service in /etc/services but the above output (particularly the VERSION column) leads me to believe otherwise.

After nmap-ing my machine, I found port 902 open. That makes sense because I'm running VMware server (virtualization rocks!). However, nmap stated the service for 902 is iss-realsecure-sensor whereas my /etc/services says 902 is for vmware-authd.

So where is nmap getting the data from? A quick scan of the docs showed nothing nor did strings. Is nmap phoning home? Is it accessing files I haven't determined?

Enquiring minds want to know.

-- 
 
Regards,
 
Faber Fedor
President
Linux New Jersey, Inc.
908-320-0357
800-706-0701




Predrag Ivanovic [predivan at ptt.yu]
Thu, 30 Nov 2006 17:22:32 +0100

On Thu, 30 Nov 2006 00:02:32 -0500 Faber J. Fedor wrote:

> <more snippage>
> 
> You know, I always assumed nmap looked up the service in /etc/services
> but the above output (particularly the VERSION column) leads me to
> believe otherwise.
> 
> After nmap-ing my machine, I found port 902 open.  That makes sense
> because I'm running VMware server (virtualization rocks!).  However, nmap
> stated the service for 902 is iss-realsecure-sensor whereas my  /etc/services
> says 902 is for vmware-authd. 
> 
> So where is nmap getting the data from?  A quick scan of the docs showed
> nothing nor did strings.  Is nmap phoning home? Is it accessing files I
> haven't determined?
> 
> Enquiring minds want to know.

From nmap-services, which is part of the source and installed in /usr/share/nmap.

Pedja

-- 
 "The Linux philosophy is to laugh in face of danger.
 Oops. Wrong one. 'Do it yourself' That's it." -- Linus Torvalds



Benjamin A. Okopnik [ben at linuxgazette.net]
Thu, 30 Nov 2006 12:20:58 -0500

On Thu, Nov 30, 2006 at 12:02:32AM -0500, Faber Fedor wrote:

> On 29/11/06 23:21 -0500, Benjamin A. Okopnik wrote:
> > ben@Fenrir:~$ nmap -v -A technofina.com
>  <snip>
> 
> > Not shown: 1662 closed ports
> > PORT     STATE    SERVICE       VERSION
> > 21/tcp   open     ftp           Rhinosoft Serv-U FTP
> > 25/tcp   open     smtp          Microsoft ESMTP 6.0.3790.1830
> > 80/tcp   open     http          Microsoft IIS webserver 6.0
> 
> <more snippage>
> 
> You know, I always assumed nmap looked up the service in /etc/services
> but the above output (particularly the VERSION column) leads me to
> believe otherwise.
> 
> After nmap-ing my machine, I found port 902 open.  That makes sense
> because I'm running VMware server (virtualization rocks!).  However, nmap stated
> the service for 902 is iss-realsecure-sensor whereas my  /etc/services
> says 902 is for vmware-authd. 
> 
> So where is nmap getting the data from?  A quick scan of the docs showed
> nothing nor did strings.  Is nmap phoning home? Is it accessing files I
> haven't determined?
> 
> Enquiring minds want to know.

ben@Fenrir:/tmp$ strace -s 4096 -o nmap.strace nmap 127.0.0.1

Looking through the resulting file, I find the following:

stat64("/usr/share/nmap/nmap-services", {st_mode=S_IFREG|0644, st_size=108536, ...}) = 0
stat64("./nmap-services", 0xbfac1a10)   = -1 ENOENT (No such file or directory)
open("/usr/share/nmap/nmap-services", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=108536, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f14000
read(3, "# Well known service port numbers -*- mode: fundamental; -*-\n# From the Nmap security scanner ( http://www.insecure.org/nmap/ )\n#\n# $Id: nmap-services 3515 2006-06-19 04:01:16Z fyodor $\n# For a HUGE list of services (including these and others), \n# see http://www.graffiti.com/services\ntcpmux            1/tcp      # TCP Port Service Multiplexer [rfc-1078]\ntcpmux            1/udp      # TCP Port Service Multiplexer\ncompressnet       2/tcp      # Management Utility\ncompressnet       2/udp      # Management Utility\ncompressnet       3/tcp      # Compression Process\ncompressnet       3/udp      # Compression Process\nrje  
 
[ ... ]

If you note the 'read' and the file handle it uses (3), then look above it and note the 'open' call that produces the '3', the answer is "/usr/share/nmap/nmap-services".

As has been said here often, 'strace' is your friend. :)

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
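
The manual step described in the message above (take the descriptor in a 'read', find the 'open' that returned it) can be automated over a whole strace file. This is an added example, not part of the original thread; `files_read` is a made-up name, and the sample lines are constructed, modelled on the trace quoted above with the read buffers shortened and an assumed /etc/hosts access added to show descriptor reuse.

```python
import re

# Successful open()/openat(): capture the path and the descriptor returned.
OPEN_RE = re.compile(r'^open(?:at)?\((?:AT_FDCWD, )?"([^"]+)".*\)\s+=\s+(\d+)$')
READ_RE = re.compile(r'^read\((\d+), .*\)\s+=\s+(\d+)$')
CLOSE_RE = re.compile(r'^close\((\d+)\)\s+=\s+0$')

def files_read(strace_lines):
    """Return {path: total bytes read}, following descriptors from open to read."""
    fd_to_path = {}   # descriptor -> path it currently refers to
    totals = {}
    for line in strace_lines:
        line = line.strip()
        m = OPEN_RE.match(line)
        if m:
            fd_to_path[int(m.group(2))] = m.group(1)
            continue
        m = READ_RE.match(line)
        if m:
            path = fd_to_path.get(int(m.group(1)))
            if path is not None:      # ignore stdin, sockets, unknown fds
                totals[path] = totals.get(path, 0) + int(m.group(2))
            continue
        m = CLOSE_RE.match(line)
        if m:
            # Descriptor numbers are reused after close(); forget the old path.
            fd_to_path.pop(int(m.group(1)), None)
    return totals

# Constructed sample input (not the real trace from the thread).
SAMPLE = r'''
stat64("/usr/share/nmap/nmap-services", {st_mode=S_IFREG|0644, st_size=108536, ...}) = 0
open("./nmap-services", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/nmap/nmap-services", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=108536, ...}) = 0
read(3, "# Well known service port numbers"..., 4096) = 4096
read(3, "tcpmux            1/tcp"..., 4096) = 4096
close(3) = 0
open("/etc/hosts", O_RDONLY) = 3
read(3, "127.0.0.1 localhost\n", 4096) = 20
close(3) = 0
'''.strip().splitlines()

if __name__ == "__main__":
    for path, nbytes in files_read(SAMPLE).items():
        print(f"{nbytes:6d} bytes read from {path}")
```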
