Ubuntu :: Allowing Incoming Connections On Port 22 From Anywhere?
Jul 19, 2011
I'm trying to get VNC working but I'm getting this error message:
Quote:
ssh: connect to host my_ip_address port 22: Connection refused
When typing:
Quote:
ssh -f -L 5900:localhost:5900 user@my_ip_address x11vnc -safer -localhost -nopw -once -display :0 && sleep 5 && vncviewer localhost:0
I'm trying to follow the instructions here: [URL] but I'm struggling with point 2 & 3:
Quote:
2. If you have previously reconfigured the firewall on your PC, make sure the firewall allows incoming connections on port 22 from anywhere, and on port 5900 from localhost (also known as 127.0.0.1)
3. If your PC is behind a home router, or any other device that uses NAT, configure your router to send connection attempts on port 22 (but not port 5900) to your PC
So my questions are:
1. I installed a fresh version of Ubuntu 11.4, should I be concerned about step 2? If so, how can I allow incoming connections on port 22 from anywhere, and on port 5900 from localhost?
2. Regarding step 3, I'm using NETGEAR model DGN1000 router. Is that something that I should do from the router's setting page or it's some commands that I should pass through SSH?
View 1 Replies
ADVERTISEMENT
Apr 4, 2011
I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).
I wrote the following commands:
iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT
View 3 Replies
View Related
Jan 9, 2010
I want to set up my laptop to allow connections to certain users with passwords from anywhere over the internet via SSH but I'm unsure about how I would go about doing this. I only thought it would be the case of setting up the open-ssh server on the laptop then, using my external IP and PuTTY on another PC outside of the network, connect to the external IP through port 22 so I tried this and wait 3 or 4 minutes or so and it says the connection times out.
I have also configured my router to use port forwarding but this doesn't seem to help much either and I have LAMP setup to allow connections to external IP : 80. The only thing I am able to do is access the laptop through the local network by using its internal IP's like 127.198.0.1:22 or something. I was wondering if anybody knows if and could tell me how I would do this as I really want to be able to access my home computer/laptop from my work sometimes, especially if I have work at home which is not with me at work or something.
I know this is possible but I'm quite new to this type of thing and don't know what is going wrong. Have I missed something or do I need to change any .conf files or anything?
View 4 Replies
View Related
Apr 4, 2010
I need some suggestions on software. I would like to offer remote desktop support to some of our clients, but some of them are using ISP's that block incoming connections so, VNC is out of the question. I was wondering if there is something similar to logmein for ubuntu?
View 1 Replies
View Related
Aug 26, 2010
Do any programs need to be installed that aren't included in the default install of Linux Mint in order for it to allow VNC connections?
View 3 Replies
View Related
May 11, 2010
Howcome mysql by default is only allowing connections from localhost? I want to access it remotely from another account (not root).
View 1 Replies
View Related
Apr 11, 2010
Its been really bugging me that whenever I scan my connection with wireshark I see this one person sending me a SYN packet every minute on port 445. I know this is the dangerous port that the Conficker worm travels along. So far my computer seems to be immune and I know, at least on the Linux side that I can just add a rule to my ip tables to block that port indefinitely. I want to know what the next step is.
00 0c 41 b2 e4 1d 00 11 09 b2 2f 0e 08 00 45 00
00 30 91 84 40 00 80 06 d1 c7 46 4f 86 29 XX XX
XX XX 10 43 01 bd 9e 23 d6 27 00 00 00 00 70 02
ff ff 65 58 00 00 02 04 05 b4 01 01 04 02
This is one of the packet captures I am getting. After sending me this and getting no reply, all of a sudden he goes up an ip. Basically this would be the pseudocode for what it looks like hes doing on my end.
while(1){
for(int i = 1; i != 255; i++){
send_connection_attempt("XX.XX.XX." + i);
}
}
To me this looks like this guy has hijacked a computer and is using it to run a script over. He is still scanning my network as I said earlier, what should I do? Should I contact my ISP? or just nail down the hatches and make sure nothing is exposed on my network?
View 3 Replies
View Related
Jun 3, 2010
I have Fedora 10 set up as a server. Occasionally it will stop allowing connections, such as ssh, http, and samba. This continues until someone hits a key on the keyboard, and then it seems to come back to life and accept connections. At this point, the date and time will be wrong. Judging from monit messages that inform me when it stops allowing connections, I think the time freezes at whatever time it is when it stops allowing said connections.
Power Management has it set for the computer to never turn off. Sleep mode is also disabled in the BIOS.
I thought it was possibly the CMOS battery, but that has been replaced and the issue persists.
Someone previously thought it might have been Network Manager, but that is disabled due to issues it has with a static IP.
View 11 Replies
View Related
Jan 21, 2011
Is it fair to say that connLimit and hashlimit are very similiar on Linux i.e. while hashlimit caters to limits for groups of ports, they both set the connection rate limit per host? How in IPTables, do I configure a policy that limits connections on a port that encapsulates the total sum of all connections from all hosts? i.e. I do not want to allow more than 6000conn/minute for port range that is the sum of all connecting hosts?
View 3 Replies
View Related
Mar 13, 2010
I'm using Linux Mint 8 KDE, which is essentially kubuntu karmic.
Been trying to set up bittorrent (tried several different apps), have followed all the usual steps, forwarded ports on both Guarddog and my router, but still no incoming connections. Then tried disabling the firewall in Guarddog - still no incoming connections. Never had any problems configuring my router before so can only think that there must be something else blocking ports in linux other than iptables.Also had same problem just using ufw and gufw
View 1 Replies
View Related
Oct 24, 2009
incoming connections are not being reported to my /var/log/secure. I can't see if people are trying to connect. I can't troubleshoot because I can't do anything.
View 5 Replies
View Related
Feb 24, 2010
I want to allow 100 incoming connections to my linux server running smtp. I know that tcpserver -c will set the limit of allowed incoming connections, but how can I tell what the currently set limit is?
View 4 Replies
View Related
Feb 25, 2011
I have a bunch of Ubuntu boxes on one subnet, 192.168.1.0. I have a Windows 7 box on another subnet, 192.168.2.0. I am able to ping and SSH to all servers on the .1 subnet except for one server, which I will call PITA. I will attempt to SSH to PITA, and it won't respond, nor does it respond to pings. I will the SSH to PITA from another of the test servers, successfully connect, and then when I SSH from my Windows 7 machine I can connect successfully. If I first connect via console to PITA and send some pings out (to anywhere, like 4.2.2.2), I can also connect from my Windows 7 machine. I've never seen anything like this.
One of the weird things is that I used PITA to create an image that I then used to create many of the other test servers, and they work fine, so I'm not sure what the problem is. I've checked /var/log/messages and syslog and there's nothing in them that indicates a problem. I've rebooted this server, restarted SSH, changed the IP in case it was conflicting with something else, forced an ARP update in case it was cached (since I had bonded the interfaces), cleared the ARP cache on my own machine, verified Network Manager is not installed...and I still have this issue.
Here are some network-related config:
/etc/network/interfaces
Quote:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
[code]....
View 3 Replies
View Related
May 19, 2010
My question is simple - is there any linux app or applet which is able to show (monitor) incoming and outgoing connections assuming it's a direct internet access? I was using a firewall on a system off Redmont which was able to show every connection, listening ports of services if some were opened etc.
View 1 Replies
View Related
Jul 4, 2010
I am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?
View 7 Replies
View Related
Jul 15, 2011
i want if a port (exp. 1001) have 20 connections that the next new connection forword to an other port (exp. 1002).
View 2 Replies
View Related
Sep 5, 2010
I've got two virtual machines running, the first VM (VM1) has two network interfaces, one bridged with my real lan, one a private subnet. The second VM (VM2) has one nic, only on the private subnet.
I have VM1 acting as a router for VM2, giving access to my real lan for internet access. The problem I'm having is I cannot get VM1 to forward ports 80 (http) or 222 (ssh) to VM2 from my real lan.
Here is the script I've cobbled together from various (foreshadowing!) locations:
Code:
View 1 Replies
View Related
Mar 30, 2011
I have a server that I can only access via SSH (it's located far away) and I would like to secure it by blocking all ports except the ones that I need (which are HTTP and SSH). I still want to be able to make outgoing connections to enable software updates and other things.This is my iptables -L -n :
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:21
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:23:79
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:81:65535
code....
In my opinion, this should block all incoming packets except the ones on port 80 and 22, but allow responses to outgoing connections. But a wget http://google.com does not work, it can't establish the connection.
Maybe this is not the best style for iptables rules, but I want to be absolutely sure to not accidently lock myself out from SSH, so I chose not to configure a "block-everything rule".
Does this configuration not enable incoming packets from connections initiated from inside?
View 3 Replies
View Related
May 16, 2011
I have a iptable as firewall, I want to open incoming of port 8080 so I use "# Allow forwarding of incoming Port 8080 traffic" but it didn't work? how can I open just incoming of port 8080?
View 3 Replies
View Related
Feb 28, 2010
How do i set my ubuntu server to use port 4055 for incoming telnets>
View 1 Replies
View Related
Dec 5, 2010
I have set up an openvpn server on ubuntu via port tcp 443. The server use a public network and almost every ports are blocked (not 443) So when a client connect to the server, if it send traffic needing a blocked port, the connection cannot been etablished of course. So i d like to know if it is possible to redirect all incoming traffic on the server to an other unblocked port (like 443) to bypass firewall.
I dont think openvpn offer this possibility but maybe with linux it is possible..
View 3 Replies
View Related
Mar 9, 2010
I've got a box with 2 interfaces, with IP1 = 192.168.100.1 and IP2 = 10.1.1.1 respectively on them. I've got an iptables rule that looks like:
Code:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 10.0.0.0/8 -p udp -j SNAT --to-source 10.1.1.1 --random
If I get 2 consecutive packets from the same address and port from 192.168.100.0/24, they get SNAT-ed and come out of the same port on 10.1.1.1. If then I get another packet from the same address and port 10 minutes later, then it gets SNAT-ed, but comes out of a different port on 10.1.1.1. How can I set the time delay I would like iptables to remember its incoming address/port to outgoing port mappings?
View 8 Replies
View Related
Mar 9, 2010
I've got a box with 2 interfaces, with IP1 = 192.168.100.1 and IP2 = 10.1.1.1 respectively on them. I've got an iptables rule that looks like:
Code:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 10.0.0.0/8 -p udp -j SNAT --to-source 10.1.1.1 --random
If I get 2 consecutive packets from the same address and port from 192.168.100.0/24, they get SNAT-ed and come out of the same port on 10.1.1.1. If then I get another packet from the same address and port 10 minutes later, then it gets SNAT-ed, but comes out of a different port on 10.1.1.1. My question is: how can I set the time delay I would like iptables to remember its incoming address/port to outgoing port mappings?
View 3 Replies
View Related
Apr 17, 2010
I'm not sure if this is a Linux standard, but I've always understood that Linux restricts usage of ports below 1025 to root-user only. My question is why was this method developed?My theory is that it's to reduce the possibilty users who may not be as knowledgable with Linux from getting hacked. This is probably wrong though as ports 1025-66535 are available to any program as any user.
View 1 Replies
View Related
Apr 13, 2011
I explain my problem:
- Server with Slackware 10.1.0 no have tcp connection to the port 2049. And I need that this server have tcp connections.
- The rpcinfo out is.
- The kernel version for this server is linux-2.4.29.
- The file /etc/rpc contain is:
- And the file /etc/service contain about nfs is:
View 20 Replies
View Related
Feb 18, 2010
A deamon say ssh will be listening on port 22. when a new connection is requested by the client, it will be authenticated and a new connection gets establihed with some port say 1025. And ssh will continue to listen on 22 for new connections.If I am correct then in my machine I observed following connections are establised to ssh port 22, As per my understanding connection should be established on a different port other than 22.
View 3 Replies
View Related
Sep 29, 2010
I'm trying to setup VNC on our debian server so the boss can remotely do admin stuff from anywhere in the world. the first step is getting it working from anywhere in the room, though. And I can't even seem to get that far.
So far I have a VNC server setup, although not without problems. I downloaded and installed vnc from the vnc site, that wouldn't work because trying to start a vnc server gave this error: "error while loading shared libraries: libstdc++-libc6.2-2.so.3: cannot open shared object file: No such file or directory"
There are lots of results on google for this error, and the solution everywhere seems to be the same. to install the package: libstdc++2.10-glibc2.2
However, trying to install this package in debian fails. both using apt-get and trying to manually download it from packages.debian.org it just doesn't seem to exist.
I've tried tightvnc from the official repositories and it gives the same error, too.
The way I got around that eventually, thanks to another tutorial, was to install the package vnc4server. then run vnc4passwd to create a password. and after that vncserver works fine, or seems to. Creates display 1.
Now, when I'm trying to connect to hostname:1 from another computer in the LAN. It gives error 10061, connection refused. I installed the debian and I don't recall setting it up to refuse connections on port 1. Is there anything I should check or change to allow the connection, or any log file in debian to check and see what's going wrong?
I'm also trying connecting internally via client on the debian machine, but I can't runvncviewer. I get the same missing shared library error as before. I guess I just worked around, not solved it.
I also can't access it with the java viewer. Trying to connect on port 5801 either from the server itself, or from another one on the lan, tells me it's refusing the connection.
To be clear, I'm certain that the vnc server is started. We have working DNS, and trying to connect directly to the internal IP:1 doesn't work either.
View 6 Replies
View Related
Apr 26, 2010
I'm running suse 11.1 which is configured as a router. Configured are two DSL connections with static IP's and one LAN connection (3 NIC's all together).
Problem: suse firewall will only port forward connections from one of the DSL connections and not the other.
Because I'm running two DSL connections is there something special I have to turn on/enable on the firewall?
View 1 Replies
View Related
Sep 5, 2010
How to number of connections for a single ip on port 80 to CentOS 5.5 with iptables? connlimit did not work on CentOS and nginx does not provide a module for that
View 4 Replies
View Related
Feb 18, 2011
Our DBA has an application running on Server2 which needs to connect to Server1 (Linux OEL5.5 server) thru port# 9171. I use telnet to test basic connectivity.What should I do on Server1 in order to open up port#9171 for connection.
View 4 Replies
View Related
