Forum OpenACS Q&A: Response to Up 18 months now only connects on port 22

Posted by MaineBob OConnor on

So, I got some help from Argen (sp?) at OpenForce -- Thank you!

I stopped portsentry.

[root@ sysconfig]# ipchains -L
Chain input (policy DENY):
target     prot opt     source   destination  ports
acct       all  ------  anywhere  anywhere    n/a
DENY       tcp  ----l-  anywhere  anywhere    2000 -> any
ACCEPT     tcp  ------  anywhere  anywhere    ssh -> any
DENY       tcp  ----l-  anywhere  anywhere    any -> 2000
ACCEPT     tcp  ------  anywhere  anywhere    any -> ssh
ACCEPT     all  ------  localhost.localdomain  localhost.localdomain  n/a
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
Chain acct (1 references):

Also, I looked at /etc/sysconfig/ipchains and found a very long 575-line file, which I understand is not the small standard file that comes with RH 7 and may be what portsentry created.

I went ahead with the current setup and I ran

/etc/rc.d/init.d/ipchains restart

AND my SSH connections died, which required me to call the datacenter to powercycle....

I think portsentry and ipchains are the source of my problem but yet not the solution.

On bootup I ran Cathy's suggested version of Netstat

[root@ sysconfig]# netstat -antp
Proto RS-Q Local Address      Foreign Address      State       PID/Program name
tcp   0   0 208.84.220.148:22 60.186.172.110:52115 ESTABLISHED 642/sshd
tcp   0 320 208.84.220.148:22 60.186.172.110:52113 ESTABLISHED 641/sshd
tcp   0   0 0.0.0.0:54320     0.0.0.0:*            LISTEN      590/portsentry
tcp   0   0 0.0.0.0:49724     0.0.0.0:*            LISTEN      590/portsentry
tcp   0   0 0.0.0.0:40421     0.0.0.0:*            LISTEN      590/portsentry
tcp   0   0 0.0.0.0:32774     0.0.0.0:*            LISTEN      590/portsentry
{More not shown} but include ports
54320 49724 40421 32774 32773 32772 32771 31337 20034 12346 12345 
6667 5742 2000 1524 1080 635 540 143 119 111 79 15 11 1 

tcp   0   0 0.0.0.0:25        0.0.0.0:*            LISTEN      506/master
tcp   0   0 0.0.0.0:22        0.0.0.0:*            LISTEN      346/sshd

AND WHEN I
/etc/rc.d/init.d/portsentry stop 
I get...

Proto RS-Q Local Address      Foreign Address      State       PID/Program name
tcp   0   0 208.84.220.148:22 60.186.172.110:52115 ESTABLISHED 642/sshd
tcp   0 320 208.84.220.148:22 60.186.172.110:52113 ESTABLISHED 641/sshd
tcp   0   0 0.0.0.0:25        0.0.0.0:*            LISTEN      506/master
tcp   0   0 0.0.0.0:22        0.0.0.0:*            LISTEN      346/sshd

Anyone with suggestions for configuring portsentry OR changing the DENY / ALLOW statements? This is a 2.2 kernel.

Again, no ping in or out, No other access in or out 'cept port 22 SSH.

Thanks.

-Bob
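
The input chain listed in the post, evaluated first-match against a few packets with the chain policy as the default. This is an added example, not part of the original post. The packets and host names are constructed, and comparing hosts as plain strings is a simplification.

```python
# Constructed copy of the "Chain input (policy DENY)" rules from the post,
# with the wrapped localhost rule joined onto one line.
INPUT_POLICY = "DENY"
LISTING = """\
acct    all  ------  anywhere  anywhere  n/a
DENY    tcp  ----l-  anywhere  anywhere  2000 -> any
ACCEPT  tcp  ------  anywhere  anywhere  ssh -> any
DENY    tcp  ----l-  anywhere  anywhere  any -> 2000
ACCEPT  tcp  ------  anywhere  anywhere  any -> ssh
ACCEPT  all  ------  localhost.localdomain  localhost.localdomain  n/a
"""
PORT_NAMES = {"ssh": 22, "any": None}  # only the names used in this listing


def parse_rules(listing):
    """Turn each listing row into (target, proto, src, dst, sport, dport)."""
    rules = []
    for line in listing.splitlines():
        target, proto, _opt, src, dst, *ports = line.split()
        # Ports column is either "n/a" or "<source> -> <destination>".
        sport, dport = (ports[0], ports[2]) if len(ports) == 3 else ("any", "any")
        to_port = lambda p: PORT_NAMES[p] if p in PORT_NAMES else int(p)
        rules.append((target, proto, src, dst, to_port(sport), to_port(dport)))
    return rules


def verdict(rules, policy, proto, src, dst, sport=None, dport=None):
    """First matching ACCEPT/DENY rule wins; otherwise the chain policy applies."""
    for target, r_proto, r_src, r_dst, r_sport, r_dport in rules:
        if r_proto not in ("all", proto):
            continue
        if r_src not in ("anywhere", src) or r_dst not in ("anywhere", dst):
            continue
        if r_sport not in (None, sport) or r_dport not in (None, dport):
            continue
        if target in ("ACCEPT", "DENY"):
            return target
        # Any other target is a jump to a user chain; "acct" has no rules
        # in the post, so the packet falls through to the next rule.
    return policy


RULES = parse_rules(LISTING)
# Hypothetical packets arriving at the server's input chain.
CLIENT, SERVER = "client.example", "server.example"
for label, pkt in [
    ("inbound SSH", ("tcp", CLIENT, SERVER, 52115, 22)),
    ("inbound HTTP", ("tcp", CLIENT, SERVER, 52116, 80)),
    ("reply to outbound HTTP", ("tcp", CLIENT, SERVER, 80, 40000)),
    ("inbound ping", ("icmp", CLIENT, SERVER)),
]:
    print(f"{label:24} {verdict(RULES, INPUT_POLICY, *pkt)}")
```

The "reply to outbound HTTP" case shows why an output policy of ACCEPT is not enough on its own: the returning packets still have to pass the input chain.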