From: Kevin Kinsey
Date: Sun, 28 May 2006 22:10:36 -0500
To: Malcolm Fitzgerald
Cc: "freebsd-questions@FreeBSD. ORG"
Subject: Re: troubleshooting network settings
Message-ID: <447A662C.9050708@daleco.biz>

Malcolm Fitzgerald wrote:
> I am running freeBSD v6.0 security on a home network behind an adsl router.
>
> I cannot connect to localhost from a browser (apache is running!)
> I cannot connect to localhost port 22 (KPackage tries to use ssh)
>
> What can cause these problems? How can I troubleshoot them?
>
> I am very new to freeBSD, so part of my question is "where do I begin?".
> I have a copy of Complete freeBSD beside me but can't get the magical
> incantations right. Suggestions appreciated.
>

New to "Nix like" systems in general, or just new to FreeBSD?
Here are a few suggestions ... no "magic bullet" here, though:

First, check to see if the interface exists:

$ ifconfig lo0
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000

So, we have a loopback interface (in this case on both IPv4 and IPv6).

-----------------------------------------------------------

$ ping localhost
PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.088 ms

This checks name resolution. If the machine doesn't know where
"localhost" is, you probably need to add a hint in /etc/hosts (but that
should've been done already, IIRC).

-------------------------------------------------------------

$ netstat -anf inet | grep 80
tcp4 0 0 *.80 *.* LISTEN

This shows a server listening on port 80 ... the http port. Grep "22"
for sshd. Incidentally, you can find that sort of thing (what port
number to look for) out this way:

$ grep ssh /etc/services
ssh 22/tcp #Secure Shell Login
ssh 22/udp #Secure Shell Login
sshell 614/tcp #SSLshell
sshell 614/udp
x11-ssh 6010/tcp #Unofficial name, for convenience
x11-ssh 6010/udp

--------------------------------------------------------------

This is often useful in this type of situation - we'll check to see if
something is actually running, and whether it returns a meaningful error
message if it's not:

$ telnet localhost 22
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903

To leave, press the "escape character" (shown), and then type "quit"....

---------------------------------------------------------------

Are you running a firewall? If so, the loopback interface should allow
all traffic. (Of course, if it's not, you'll have lots of trouble ---
but then, you are having a little, right?) This box is running ipfw:

$ ipfw show
ipfw: socket: Operation not permitted

Whoops! Better use root credentials for that.
I use sudo, a 3rd party app (as do many FBSD users); you may need to
actually use "su" to get root before looking at firewall rules.

$ sudo ipfw show
00100 47450 15295315 divert 8668 ip from any to any via xl0
00200 1279040 547068572 allow ip from any to any via lo0

So this box is doing NAT (rule 100) and is allowing traffic on the
"loopback" interface (which is from/to 127.0.0.1/localhost ---- rule 200).

---------------------------------------------------------------

If that's not enough to give some clue, write the list again with some
more information.

HTH,

Kevin Kinsey
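
Added example, not part of Kevin Kinsey's message: the netstat step above filters with `grep 80`, which also matches ports such as 8080 and any address or foreign port that contains "80". The script below matches the local port exactly on FreeBSD-style `netstat -an` output and reports whether each listener is bound to all interfaces or to loopback only; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original message): exact-port listener check
# for FreeBSD-style `netstat -an` output, where sockets print as addr.port.

# listeners_on_port PORT
# Reads netstat output on stdin and prints "proto local-address scope" for
# each TCP socket in LISTEN state whose local port is exactly PORT.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            laddr = $4
            if (!match(laddr, /\.[^.]*$/)) next   # no ".port" suffix
            p    = substr(laddr, RSTART + 1)      # text after the last dot
            addr = substr(laddr, 1, RSTART - 1)   # text before it
            if (p != port) next                   # exact: 80 never matches 8080
            if (addr == "*")
                scope = "all-interfaces"
            else if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback-only"
            else
                scope = "specific-address"
            print $1, laddr, scope
        }'
}

# Constructed sample output (hypothetical host), FreeBSD column layout.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.80                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.8080         *.*                    LISTEN
tcp4       0      0  192.168.2.10.22        192.168.2.2.51780      ESTABLISHED
tcp4       0      0  127.0.0.1.22           *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
udp4       0      0  *.514                  *.*
EOF
}

# Demo: a plain `grep 80` would also hit the 8080 listener and port 51780.
sample_netstat | listeners_on_port 80
sample_netstat | listeners_on_port 22
```

On a live FreeBSD host, pipe the command from the message into the function instead of the sample, for instance `netstat -anf inet | listeners_on_port 22`. A service that shows only as loopback-only will answer on localhost but not from other machines on the network.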