Date: Tue, 5 Dec 2000 19:47:12 -0500 (EST)
From: Jim Freeze
To: questions@freebsd.org
Subject: Can no longer ssh

Hi all:

Before this last weekend, I had a FBSD desktop machine with a 'client' firewall setup. I was able to define a rule to permit ssh to the machine from only a few hosts. Great. I understand this. (I thought.)

This last weekend, I set up a LAN and the FBSD machine is now a gateway with natd and ipfw running. Using the rules given at mostgraveconcern, I thought I could ssh into this machine, but no luck. After several attempts at modifying the rules with no luck, I changed the firewall to 'open'. Still NO SSH!

# ssh /etc/rc.firewall
Flushed all rules.
00000 divert 8668 ip from any to any via vx0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any

Here are some diagnostics that I have tried:

Attempting to ssh from a remote host never responds with a login.
jfreeze@eeyore1 ('tty') ~/tmp 82 -> ssh localhost -l jfreeze
<--snip login stuff-->
/usr/X11R6/bin/xauth: timeout in locking authority file /home/jfreeze/.Xauthority
Dec 2 22:58:11 eeyore1 last message repeated 4 times
Dec 2 22:59:09 eeyore1 natd[154]: failed to write packet back (Permission denied)
Dec 2 23:05:34 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 3 00:07:20 eeyore1 /kernel: cd9660: RockRidge Extension
Dec 3 00:25:33 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 5 19:17:28 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 5 19:37:22 eeyore1 sshd[5815]: fatal: Local: ROOT LOGIN REFUSED FROM localhost
Dec 5 19:47:20 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 5 19:47:34 eeyore1 sshd[5901]: fatal: Local: ROOT LOGIN REFUSED FROM localhost
Dec 5 19:47:41 eeyore1 sshd[5904]: fatal: Local: ROOT LOGIN REFUSED FROM eeyore1

jfreeze@eeyore1 -> ssh eeyore1 -l jfreeze
<--snip login stuff-->
/usr/X11R6/bin/xauth: timeout in locking authority file /home/jfreeze/.Xauthority
Dec 2 22:58:11 eeyore1 last message repeated 4 times
Dec 2 22:59:09 eeyore1 natd[154]: failed to write packet back (Permission denied)
Dec 2 23:05:34 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 3 00:07:20 eeyore1 /kernel: cd9660: RockRidge Extension
Dec 3 00:25:33 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 5 19:17:28 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 5 19:37:22 eeyore1 sshd[5815]: fatal: Local: ROOT LOGIN REFUSED FROM localhost
Dec 5 19:47:20 eeyore1 su: jfreeze to root on /dev/ttyp1
Dec 5 19:47:34 eeyore1 sshd[5901]: fatal: Local: ROOT LOGIN REFUSED FROM localhost
Dec 5 19:47:41 eeyore1 sshd[5904]: fatal: Local: ROOT LOGIN REFUSED FROM eeyore1

The latter two scenarios, although I was able to get in, took upwards of one minute to finally let me in.

Thanks for any help.
-- 
Jim Freeze
jim@freeze.org
http://www.freeze.org
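An added example, not from the original post or from FreeBSD's own ipfw code: a first-match walk over a ruleset in the "NNNNN action proto from src to dst ..." form the post shows, to check which rule an inbound ssh (tcp/22) packet would hit. It models only the keywords the post uses plus 'tcp ... 22 in via vx0 setup'; the restricted ruleset and all addresses are constructed placeholders, and 'via' and 'divert' handling follow the assumptions in the comments.

```python
import ipaddress

# Constructed copy of the 'open' ruleset shown in the post.
OPEN_RULES = """\
00000 divert 8668 ip from any to any via vx0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any"""

# Constructed 'client'-style set that permits ssh only from two hosts
# (documentation-range addresses, not taken from the post).
RESTRICTED_RULES = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 allow tcp from 192.0.2.10 to any 22 in via vx0 setup
00310 allow tcp from 192.0.2.11 to any 22 in via vx0 setup
00320 deny tcp from any to any 22 in via vx0
65000 allow ip from any to any"""

def _addr_matches(pattern, addr):
    """'any' matches everything; otherwise host/CIDR membership."""
    if pattern == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)

def first_match(rules, src, dst, dport, iface="vx0"):
    """Walk the ruleset in order, as ipfw does, for an inbound TCP packet
    src -> dst:dport arriving on iface. Return (rule number, action) of the
    first terminal rule that matches, or None if the list is exhausted."""
    for line in rules.splitlines():
        tok = line.split()
        num, action = int(tok[0]), tok[1]
        proto = tok[tok.index("from") - 1]          # 'ip' or 'tcp' here
        src_pat, dst_pat = tok[tok.index("from") + 1], tok[tok.index("to") + 1]
        after_dst = tok[tok.index("to") + 2:tok.index("to") + 3]
        port = int(after_dst[0]) if after_dst and after_dst[0].isdigit() else None
        if proto not in ("ip", "tcp"):
            continue
        if "via" in tok and tok[tok.index("via") + 1] != iface:
            continue                                # rule is bound to another interface
        if not (_addr_matches(src_pat, src) and _addr_matches(dst_pat, dst)):
            continue
        if port is not None and port != dport:
            continue
        if action == "divert":
            continue                                # assumption: natd hands the packet back at the next rule
        return num, action
    return None
```

With the 'open' set every outside host reaches rule 65000, so if ssh still hangs there the cause is not a packet filter rule; with the restricted set an unlisted host stops at the tcp/22 deny.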