Fórum Ubuntu CZ/SK
Ubuntu pro osobní počítače => Obecná podpora => Téma založeno: The_ERROR 28 Prosince 2009, 20:10:29
-
Nedari se mi se pripojit pomoci SSH, i kdyz vim ze server je dostupny, protoze z windows z pocitace vedle mi to jde bez problemu. Osobne bych to tak hadal na nejaky zapomenuty FW, protoze jsem jednu dobu s firewally trochu experimentoval a je dost mozne ze neco zustalo viset a ted se mi nedari se pripojit kvuli zablokovanemu portu.
Kdyz tak mi asi dejte vedet co vsechno chcete vypsat. Pro zacatek snad jen vypis procesu:
PID S COMMAND
1 S /sbin/init
2 S [kthreadd]
3 S [migration/0]
4 S [ksoftirqd/0]
5 S [watchdog/0]
6 R [events/0]
7 S [cpuset]
8 S [khelper]
9 S [netns]
10 S [async/mgr]
11 S [kintegrityd/0]
12 S [kblockd/0]
13 S [kacpid]
14 S [kacpi_notify]
15 S [kacpi_hotplug]
16 S [ata/0]
17 S [ata_aux]
18 S [ksuspend_usbd]
19 S [khubd]
20 S [kseriod]
21 S [kmmcd]
22 S [bluetooth]
23 S [khungtaskd]
24 S [pdflush]
25 S [pdflush]
26 S [kswapd0]
27 S [aio/0]
28 S [ecryptfs-kthrea]
29 S [crypto/0]
33 S [scsi_eh_0]
34 S [scsi_eh_1]
35 S [scsi_eh_2]
36 S [scsi_eh_3]
37 S [scsi_eh_4]
39 S [scsi_eh_5]
45 S [kstriped]
46 S [kmpathd/0]
47 S [kmpath_handlerd]
48 S [ksnapd]
49 S [kondemand/0]
50 S [kconservative/0]
51 S [krfcommd]
273 S [khpsbpkt]
303 S [knodemgrd_0]
305 S [i915/0]
307 S [usbhid_resumer]
387 S [kjournald]
445 S upstart-udev-bridge --daemon
448 S udevd --daemon
664 S [kpsmoused]
666 S [tifm]
681 S [ipw2200/0]
682 S udevd --daemon
701 S udevd --daemon
712 S [pccardd]
733 S [hd-audio0]
1033 S dd bs=1 if=/proc/kmsg of=/var/run/rsyslog/kmsg
1049 S rsyslogd -c4
1064 S /sbin/mount.ntfs /dev/sda5 /media/Data -o rw,nosuid,nodev,uhelper=hal,utf8,shortname=winnt,uid=
1089 S dbus-daemon --system --fork
1128 S avahi-daemon: running [icewind-laptop.local]
1129 S avahi-daemon: chroot helper
1130 S hald --daemon=yes
1131 S gdm-binary
1152 S /usr/sbin/console-kit-daemon
1219 S hald-runner
1225 S NetworkManager
1227 S /usr/sbin/modem-manager
1266 S /sbin/wpa_supplicant -u -s
1270 S /sbin/getty -8 38400 tty4
1272 S /sbin/getty -8 38400 tty5
1286 S /usr/lib/gdm/gdm-simple-slave --display-id /org/gnome/DisplayManager/Display1
1306 S /sbin/getty -8 38400 tty2
1307 S /sbin/getty -8 38400 tty3
1309 S /sbin/getty -8 38400 tty6
1313 S acpid -c /etc/acpi/events -s /var/run/acpid.socket
1321 S atd
1322 S cron
1323 S /usr/bin/X :0 -br -verbose -auth /var/run/gdm/auth-for-gdm-rAai9O/database -nolisten tcp vt7
1324 S /usr/lib/hal/hald-addon-ipw-killswitch
1374 S hald-addon-input: Listening on /dev/input/event5 /dev/input/event1 /dev/input/event0 /dev/input/event2 /dev/input/event4 /dev/input/event6
1384 S hald-addon-storage: polling /dev/sr0 (every 2 sec)
1398 S /usr/lib/hal/hald-addon-cpufreq
1408 S hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
1416 S /usr/sbin/sshd
1515 S /usr/lib/gdm/gdm-session-worker
1586 S /usr/sbin/winbindd
1613 S /usr/sbin/cupsd -C /etc/cups/cupsd.conf
1628 S gnome-session
1808 S /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session /usr/bin/pulse-session /usr/bin/seahorse-agent --execute gnome-session
1811 S /usr/bin/dbus-launch --exit-with-session /usr/bin/pulse-session /usr/bin/seahorse-agent --execute gnome-session
1832 S /bin/dbus-daemon --fork --print-pid 7 --print-address 9 --session
1836 S /opt/cisco/vpn/bin/vpnagentd
1841 S /usr/bin/pulseaudio --start
1952 S /sbin/getty -8 38400 tty1
1962 S /usr/bin/seahorse-agent --execute gnome-session
1965 S /usr/lib/gvfs/gvfsd
1970 S /usr/lib/devicekit-power/devkit-power-daemon
1972 S /usr/lib/libgconf2-4/gconfd-2
1974 S /usr/lib/gvfs//gvfs-fuse-daemon /home/icewind/.gvfs
2014 S gnome-keyring-daemon --start
2018 S /usr/lib/gnome-settings-daemon/gnome-settings-daemon
2019 S seahorse-daemon
2121 S /usr/lib/notify-osd/notify-osd
2122 S /bin/sh /usr/bin/compiz
2182 S /usr/bin/compiz.real --ignore-desktop-hints --replace --sm-client-id 10ea5747bafb05007126201618889299300000016280025 move resize place decoration animation ccp
2183 S gnome-panel
2184 S /bin/sh -c /usr/bin/compiz-decorator
2185 S /usr/bin/gtk-window-decorator
2187 S nautilus
2189 S /usr/lib/bonobo-activation/bonobo-activation-server --ac-activate --ior-output-fd=20
2191 S nm-applet --sm-disable
2194 S /usr/lib/evolution/2.28/evolution-alarm-notify
2198 S /usr/lib/gnome-disk-utility/gdu-notification-daemon
2199 S gnome-power-manager
2201 S /usr/lib/devicekit-disks/devkit-disks-daemon
2202 S devkit-disks-daemon: polling /dev/sr0
2204 S bluetooth-applet
2207 S /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
2213 S gnome-volume-control-applet
2215 S update-notifier --startup-delay=60
2217 S /usr/lib/policykit-1/polkitd
2219 S python /usr/share/system-config-printer/applet.py
2227 S /usr/lib/gnome-applets/cpufreq-applet --oaf-activate-iid=OAFIID:GNOME_CPUFreqApplet_Factory --oaf-ior-fd=18
2229 S /usr/lib/gnome-applets/trashapplet --oaf-activate-iid=OAFIID:GNOME_Panel_TrashApplet_Factory --oaf-ior-fd=24
2232 S /usr/lib/gvfs/gvfs-gdu-volume-monitor
2233 S gnome-screensaver
2238 S /usr/lib/gvfs/gvfsd-trash --spawner :1.4 /org/gtk/gvfs/exec_spaw/0
2242 S /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
2298 S /usr/lib/gvfs/gvfsd-burn --spawner :1.4 /org/gtk/gvfs/exec_spaw/1
2312 S /usr/lib/gvfs/gvfsd-metadata
2333 S /usr/lib/evolution/evolution-data-server-2.28 --oaf-activate-iid=OAFIID:GNOME_Evolution_DataServer_CalFactory:1.2 --oaf-ior-fd=22
2337 S /usr/lib/evolution/2.28/evolution-exchange-storage --oaf-activate-iid=OAFIID:GNOME_Evolution_Exchange_Connector_CalFactory:1.2 --oaf-ior-fd=25
2381 S /usr/bin/python /usr/lib/system-service/system-service-d
5433 S /sbin/dhclient -d -sf /usr/lib/NetworkManager/nm-dhcp-client.action -pf /var/run/dhclient-eth1.pid -lf /var/lib/dhcp3/dhclient-afc31197-f1b6-4c98-ad53-56dfbcc7
6046 S /usr/lib/firefox-3.5.6/firefox
10242 S /usr/lib/opera/opera
10355 R /usr/lib/opera/operapluginwrapper-ia32-linux 64 110 /usr/lib/adobe-flashplugin/libflashplayer.so
10360 S /usr/lib/opera/operaplugincleaner 10242
14880 S kdeinit4: kdeinit4 Running...
14883 S kdeinit4: klauncher [kdeinit] --fd=8
14885 S kdeinit4: kded4 [kdeinit] e
14917 S /usr/bin/knotify4
14943 S kdeinit4: kio_file [kdeinit] file local:/tmp/ksocket-icewind/klauncherT14883.slave-socket local:/tmp/ksocket-icewind/krus
16072 S /bin/sh -c gnome-terminal
16073 R gnome-terminal
16077 S gnome-pty-helper
16078 S bash
23658 S bash
28376 S /usr/bin/moblock -p /var/lib/blockcontrol/guarding.p2p -q 92 -t -r 10 -a 20 /var/log/moblock.log
28381 S /bin/sh /usr/bin/blockcontrol.wd
28386 S sleep 300
28406 R ps -ax -o pid state command
-
iptables -L -v
-
icewind@icewind-laptop:~$ sudo iptables -L -v
Chain INPUT (policy ACCEPT 5091 packets, 4535K bytes)
pkts bytes target prot opt in out source destination
513 169K blockcontrol_in all -- any any anywhere anywhere state NEW mark match !0x14
34973 29M ufw-before-logging-input all -- any any anywhere anywhere
34973 29M ufw-before-input all -- any any anywhere anywhere
5317 4629K ufw-after-input all -- any any anywhere anywhere
5317 4629K ufw-after-logging-input all -- any any anywhere anywhere
5317 4629K ufw-reject-input all -- any any anywhere anywhere
5317 4629K ufw-track-input all -- any any anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 blockcontrol_fw all -- any any anywhere anywhere state NEW mark match !0x14
0 0 ufw-before-logging-forward all -- any any anywhere anywhere
0 0 ufw-before-forward all -- any any anywhere anywhere
0 0 ufw-after-forward all -- any any anywhere anywhere
0 0 ufw-after-logging-forward all -- any any anywhere anywhere
0 0 ufw-reject-forward all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 3947 packets, 628K bytes)
pkts bytes target prot opt in out source destination
172 10664 blockcontrol_out all -- any any anywhere anywhere state NEW mark match !0x14
27309 4292K ufw-before-logging-output all -- any any anywhere anywhere
27309 4292K ufw-before-output all -- any any anywhere anywhere
6292 787K ufw-after-output all -- any any anywhere anywhere
6292 787K ufw-after-logging-output all -- any any anywhere anywhere
6292 787K ufw-reject-output all -- any any anywhere anywhere
6292 787K ufw-track-output all -- any any anywhere anywhere
Chain blockcontrol_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere mark match 0xa
0 0 RETURN all -- any any anywhere cz-prg-dns-02.chello.cz
0 0 RETURN all -- any any anywhere cz-prg-dns-01.chello.cz
0 0 RETURN all -- any any 192.168.1.0/24 192.168.1.0/24
0 0 NFQUEUE all -- any any anywhere anywhere NFQUEUE num 92
Chain blockcontrol_in (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere mark match 0xa
0 0 RETURN all -- lo any anywhere anywhere
468 167K RETURN all -- any any 192.168.1.0/24 anywhere
45 2192 NFQUEUE all -- any any anywhere anywhere NFQUEUE num 92
Chain blockcontrol_out (1 references)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- any any anywhere anywhere mark match 0xa reject-with icmp-port-unreachable
0 0 RETURN all -- any lo anywhere anywhere
0 0 RETURN all -- any any anywhere cz-prg-dns-02.chello.cz
27 1821 RETURN all -- any any anywhere cz-prg-dns-01.chello.cz
92 5520 RETURN all -- any any anywhere 192.168.1.0/24
0 0 RETURN all -- any any anywhere by2msg1010816.gateway.edge.messenger.live.com
0 0 RETURN all -- any any anywhere by2msg3020110.phx.gbl
0 0 RETURN all -- any any anywhere by2msg1020504.gateway.edge.messenger.live.com
0 0 RETURN all -- any any anywhere bay5-dav5.bay5.hotmail.com
0 0 RETURN all -- any any anywhere 64.4.9.254
0 0 RETURN all -- any any anywhere bucp-d1-vip.blue.aol.com
0 0 RETURN all -- any any anywhere 64.4.50.62
0 0 RETURN all -- any any anywhere 209.234.241.60
7 420 RETURN tcp -- any any anywhere anywhere tcp dpt:https
32 1920 RETURN tcp -- any any anywhere anywhere tcp dpt:www
14 983 NFQUEUE all -- any any anywhere anywhere NFQUEUE num 92
Chain ufw-after-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-logging-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-output (1 references)
pkts bytes target prot opt in out source destination
-
a skusal si tam v tom vypise pohladat tu masinu (IP adresu, prip. rozsah IP adries) z ktorej ti tam nejde, ci nahodou nespada pod niektore to pravidlo?
pretoze si nic viacej o problemovej masine nenapisal okrem toho ze to nejde. a kedze vravis ze si kedysi s firewallom experimentoval, tak teoreticky by si asi nemal mat problem sa v tom vypise porozhliadnut.
-
Sice jsem se koukal, ale nicmoc v tom nevidim.
No kazdopadne jsem to zase zkusil a z nejakeho zahadneho duvodu to uz funguje... :) Zahada tento linux :)
-
a máš nainstalované SSH ? client-server ?
-
Sice jsem se koukal, ale nicmoc v tom nevidim.
No kazdopadne jsem to zase zkusil a z nejakeho zahadneho duvodu to uz funguje... :) Zahada tento linux :)
ani by som nepovedal ze zahada. skor len treba vediet co robis ;)
nabuduce mozes vyskusat este napr. 'nmap SERVER/IP' z "postihnuteho" systemu z ktoreho ti nepojde pripojit sa, aby si si preskenoval ake porty na serveri uvidis otvorene. ak uvidis SSH port cez nmap a stale ti nepojde sa pripojit, tak firewall to nebude a musis hladat dalej zrejme nieco smerom k SSH sluzbe.