On Sat, Mar 17, 2012 at 6:35 AM, Lisa Kachold wrote:

> Good Job Michael! You have negotiated the ufw. Keep in mind that you
> would not want to open all this on a traveling laptop (since it would
> expose trusted services to all). Now just because you have opened the
> ports on one system, you can't be sure they are actually "seen" from the
> other system without a test?
>
> From the other system, now run:
>
> # nmap $thissystem
>
> Did you see 22 tcp open from the other system NOW?
>

no.

bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.4     (laptop's IP)

Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:11 MST
Nmap scan report for 192.168.0.4
Host is up (0.000022s latency).
Not shown: 999 closed ports
PORT    STATE SERVICE
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds

bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.3     (print server's IP)

Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:12 MST
Nmap scan report for 192.168.0.3
Host is up (0.0020s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE
139/tcp open  netbios-ssn
443/tcp open  https
445/tcp open  microsoft-ds
MAC Address: 00:09:6B:78:AB:F0 (IBM)

Nmap done: 1 IP address (1 host up) scanned in 12.29 seconds
bmike1@Michaels-Laptop ~ $

> Make sure it's enabled for the service via ufw (on the target system):
>
> # sudo ufw allow ssh
>

it said the rule already exists.

> It appears that your ssh is timing out, but the logs can tell you why:
>
> On the target system:
>
> # tail /var/log/messages
> or
> # tail /var/log/secure
>

it responded '...no such file...'

> Sshd is set up by default for strict host checking, so you MUST have an
> acceptable /etc/hosts file configuration:
>
> There must be a hostname that matches your host entry, which matches your
> IP address.
>

Here is now my /etc/hosts file

127.0.0.1       localhost
127.0.1.1       Michaels-PC
#####################
#added
192.168.0.2     SonyDesktop  <-this is the computer name..... if I'm supposed to put something else in please tell me how to get that info on an XP
192.168.0.4     Michaels-Laptop  <-I put the computer name in because that is what is in there in /etc/hosts [127.0.0.1 (computer name)]
#added
#####################
# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

> You can also do a couple of ssh daemon "hacks", by editing the
> /etc/ssh/sshd_config file:
>

If I do this I don't need to worry about /etc/hosts?

> a) Allow root ssh (which is disallowed by default) [What command are you
> running from the other system to get here? As root?]:
>
> Find the line that reads as follows:
> *PermitRootLogin no*
> Set it as follows:
> *PermitRootLogin yes*
>
> b) Disable Strict
> *StrictHostKeyChecking yes*
> set it as follows:
> *StrictHostKeyChecking no*
>
> c) Change/extend the timeouts:
>
> *ServerAliveInterval 100*
>
> These changes can be used to provide more information on why you are not
> connecting.
>
> ALWAYS remember to copy your original CONFIGS to backup before editing so
> you can seamlessly roll forward and back.
>
> Don't forget to restart ssh daemon after making configuration changes!
>

Nope... didn't work.

>
> On Fri, Mar 16, 2012 at 11:00 PM, James Mcphee wrote:
>
>> if you're opening that much, just disable iptables until you figure out
>> what you need to leave open.
>> On Mar 16, 2012 6:06 PM, "Michael Havens" wrote:
>>
>>> hmmmmmm..... opening the ports didn't help any. I opened:
>>>
>>> bmike1@Michaels-PC:~$ sudo ufw status
>>> Status: active
>>>
>>> To                         Action      From
>>> --                         ------      ----
>>> 22                         ALLOW       Anywhere
>>> 137                        ALLOW       Anywhere
>>> 138                        ALLOW       Anywhere
>>> 139                        ALLOW       Anywhere
>>> 445                        ALLOW       Anywhere
>>> 389                        ALLOW       Anywhere
>>> 901                        ALLOW       Anywhere
>>> 53                         ALLOW       Anywhere
>>> 80                         ALLOW       Anywhere
>>> 110                        ALLOW       Anywhere
>>> 143                        ALLOW       Anywhere
>>> 443                        ALLOW       Anywhere
>>> 631                        ALLOW       Anywhere
>>> 993                        ALLOW       Anywhere
>>> 995                        ALLOW       Anywhere
>>> 5800                       ALLOW       Anywhere
>>> 5900                       ALLOW       Anywhere
>>> 9418                       ALLOW       Anywhere
>>> 8080                       ALLOW       Anywhere
>>> 22                         ALLOW       Anywhere (v6)
>>> 137                        ALLOW       Anywhere (v6)
>>> 138                        ALLOW       Anywhere (v6)
>>> 139                        ALLOW       Anywhere (v6)
>>> 445                        ALLOW       Anywhere (v6)
>>> 389                        ALLOW       Anywhere (v6)
>>> 901                        ALLOW       Anywhere (v6)
>>> 53                         ALLOW       Anywhere (v6)
>>> 80                         ALLOW       Anywhere (v6)
>>> 110                        ALLOW       Anywhere (v6)
>>> 143                        ALLOW       Anywhere (v6)
>>> 443                        ALLOW       Anywhere (v6)
>>> 631                        ALLOW       Anywhere (v6)
>>> 993                        ALLOW       Anywhere (v6)
>>> 995                        ALLOW       Anywhere (v6)
>>> 5800                       ALLOW       Anywhere (v6)
>>> 5900                       ALLOW       Anywhere (v6)
>>> 9418                       ALLOW       Anywhere (v6)
>>> 8080                       ALLOW       Anywhere (v6)
>>>
>>> bmike1@Michaels-PC:~$
>>>
>>> What else do you think I should open?
>>>
>>> On Fri, Mar 16, 2012 at 10:44 AM, Michael Havens wrote:
>>>
>>>> look what I found in my quest to open ports for printing: I found a
>>>> program called ufw which is a 'program for managing a netfilter
>>>> firewall.' And one of the commands is:
>>>>
>>>> ufw allow 53
>>>> This rule will allow tcp and udp port 53 to any address on this
>>>> host.
>>>>
>>>> Which is the printers port?... of course 631. my search engine is
>>>> giving me another: 515? But both of my computers print.
>>>> Do you know if I can specify more than one port in the command? oops...
>>>> I just found the correct syntax:
>>>> ufw allow 18:25,50:110,130:150,389:445,631,900:1000,5800:5900,8080,9418
>>>> the man page says I'm allowed 15 numbers in there. No spaces, separated
>>>> by a comma, and ranges (x:y ) count as two numbers.
>>>>
>>>> What other ports does the great brain known as PLUG believe is good to
>>>> open?
>>>> I think ufw is basically a program to make iptables easier. Or do you
>>>> want to give me a tutelage on iptables. I'm willing if you are! Does anyone
>>>> have any pointers about ufw?
>>>>
>>>> ufw probably is an acronym for unix fire wall. or perhaps ubuntu fire
>>>> wall.
>>>>
>
> --
> (503) 754-4452 Android
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
> it-clowns.com
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

--
:-)~MIKE~(-:
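
Added example (not part of the thread): in the two scans quoted above, nmap reports the unlisted ports on 192.168.0.4 as closed and those on 192.168.0.3 as filtered, and the two states call for different next checks. The script below reads that Nmap 5.21 text output and reports the state of one port; the names port_state and diagnose are made up for this illustration, and only a single "Not shown" state per scan is handled.

```sh
#!/bin/sh
# Added example: interpret nmap port states for a single TCP port.
# The sample inputs are the two scan results quoted in the thread.

LAPTOP_SCAN='Nmap scan report for 192.168.0.4
Host is up (0.000022s latency).
Not shown: 999 closed ports
PORT    STATE SERVICE
631/tcp open  ipp'

PRINTSERVER_SCAN='Nmap scan report for 192.168.0.3
Host is up (0.0020s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE
139/tcp open  netbios-ssn
443/tcp open  https
445/tcp open  microsoft-ds'

# port_state PORT SCAN_TEXT -> prints open, closed, filtered or unknown
port_state() {
    printf '%s\n' "$2" | awk -v port="$1" '
        /^Not shown:/        { dflt = $4 }    # state shared by every unlisted port
        $1 == (port "/tcp")  { state = $2 }   # explicit table row for this port
        END {
            if (state != "")     print state
            else if (dflt != "") print dflt
            else                 print "unknown"
        }'
}

# diagnose PORT SCAN_TEXT -> one-line hint on what to check next
diagnose() {
    case "$(port_state "$1" "$2")" in
        open)     echo "open: a service accepted the probe" ;;
        closed)   echo "closed: host answered, nothing accepted; is the service installed and running?" ;;
        filtered) echo "filtered: probe got no usable answer; check firewall rules on the target or path" ;;
        *)        echo "unknown: port state not present in this output" ;;
    esac
}

diagnose 22 "$LAPTOP_SCAN"
diagnose 22 "$PRINTSERVER_SCAN"
```

On the target itself, `ss -tln` (or `netstat -tln`) shows whether anything is listening on port 22 before any firewall rule comes into play.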