man.... I'm beginning to think I should just reinstall my print server.

On Sun, Mar 18, 2012 at 6:57 PM, Michael Havens wrote:

> I forgot to mention that they can all ping each other
>
> On Sun, Mar 18, 2012 at 5:01 PM, Michael Havens wrote:
>
>> it is strange and I think related to the printing issue that when I try
>> to ssh from the server to the laptop the connection is refused but when I
>> try the other way the connection times out. Does that little piece of
>> information help any?
>> --more info--
>> ssh server to xp=timeout
>> ssh laptop to XP= timeout
>> ssh xp to laptop=connection refused (cygwin)
>> ssh xp to server=connection timeout (cygwin)
>>
>> On Sun, Mar 18, 2012 at 4:21 PM, Michael Havens wrote:
>>
>>> On Sat, Mar 17, 2012 at 6:35 AM, Lisa Kachold wrote:
>>>
>>>> Good Job Michael! You have negotiated the ufw. Keep in mind that you
>>>> would not want to open all this on a traveling laptop (since it would
>>>> expose trusted services to all). Now just because you have opened the
>>>> ports on one system, you can't be sure they are actually "seen" from the
>>>> other system without a test?
>>>>
>>>> From the other system, now run:
>>>>
>>>> # nmap $thissystem
>>>>
>>>> Did you see 22 tcp open from the other system NOW?
>>>>
>>>> no.
>>>
>>> bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.4 (laptops ip)
>>>
>>> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:11 MST
>>> Nmap scan report for 192.168.0.4
>>> Host is up (0.000022s latency).
>>> Not shown: 999 closed ports
>>> PORT    STATE SERVICE
>>> 631/tcp open  ipp
>>>
>>> Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
>>>
>>> bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.3 (print servers ip)
>>>
>>> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:12 MST
>>> Nmap scan report for 192.168.0.3
>>> Host is up (0.0020s latency).
>>> Not shown: 997 filtered ports
>>> PORT    STATE SERVICE
>>> 139/tcp open  netbios-ssn
>>> 443/tcp open  https
>>> 445/tcp open  microsoft-ds
>>> MAC Address: 00:09:6B:78:AB:F0 (IBM)
>>>
>>> Nmap done: 1 IP address (1 host up) scanned in 12.29 seconds
>>> bmike1@Michaels-Laptop ~ $
>>>
>>> Make sure it's enabled for the service via ufw (on the target system):
>>>>
>>>> # sudo ufw allow ssh
>>>>
>>>> it said the rule already exists.
>>>
>>>> It appears that your ssh is timing out, but the logs can tell you why:
>>>>
>>>> On the target system:
>>>>
>>>> # tail /var/log/messages
>>>> or
>>>> # tail /var/log/secure
>>>>
>>>> it responded '...no such file...'
>>>
>>> Sshd is setup by default for strict host checking, so you MUST have an
>>>> acceptable /etc/hosts file configuration:
>>>>
>>>> There must be a hostname that matches your host entry, which matches
>>>> your IP address.
>>>>
>>>
>>> Here is now my /etc/hosts file
>>>
>>> 127.0.0.1 localhost
>>> 127.0.1.1 Michaels-PC
>>> #####################
>>> #added
>>> 192.168.0.2 SonyDesktop <-this is the computer name..... if I'm
>>>                           supposed to put something else in please
>>>                           tell me how to get
>>>                           that info on an XP
>>> 192.168.0.4 Michaels-Laptop <-I put the computer name in because
>>>                           that is what is in there in /etc/hosts
>>>                           [127.0.0.1 (computer
>>>                           name)]
>>> #added
>>> #####################
>>> # The following lines are desirable for IPv6 capable hosts
>>> ::1 ip6-localhost ip6-loopback
>>> fe00::0 ip6-localnet
>>> ff00::0 ip6-mcastprefix
>>> ff02::1 ip6-allnodes
>>> ff02::2 ip6-allrouters
>>>
>>>> You can also do a couple of ssh daemon "hacks", by editing the
>>>> /etc/ssh/sshd_config file:
>>>>
>>>> If I do this I don't need to worry about /etc/hosts?
>>>
>>>> a) Allow root ssh (which is disallowed by default) [What command are
>>>> you running from the other system to get here? As root?]:
>>>>
>>>> Find the line that reads as follows:
>>>> PermitRootLogin no
>>>> Set it as follows:
>>>> PermitRootLogin yes
>>>>
>>>> b) Disable Strict
>>>> StrictHostKeyChecking yes
>>>> set it as follows:
>>>> StrictHostKeyChecking no
>>>>
>>>> c) Change/extend the timeouts:
>>>>
>>>> ServerAliveInterval 100
>>>>
>>>> These changes can be used to provide more information on why you are
>>>> not connecting.
>>>>
>>>> ALWAYS remember to copy your original CONFIGS to backup before editing
>>>> so you can seamlessly roll forward and back.
>>>>
>>>> Don't forget to restart ssh daemon after making configuration changes!
>>>>
>>>> Nope... didn't work.
>>>
>>> On Fri, Mar 16, 2012 at 11:00 PM, James Mcphee wrote:
>>>>
>>>>> if you're opening that much, just disable iptables until you figure
>>>>> out what you need to leave open.
>>>>> On Mar 16, 2012 6:06 PM, "Michael Havens" wrote:
>>>>>
>>>>>> hmmmmmm..... opening the ports didn't help any. I opened:
>>>>>>
>>>>>> bmike1@Michaels-PC:~$ sudo ufw status
>>>>>> Status: active
>>>>>>
>>>>>> To      Action  From
>>>>>> --      ------  ----
>>>>>> 22      ALLOW   Anywhere
>>>>>> 137     ALLOW   Anywhere
>>>>>> 138     ALLOW   Anywhere
>>>>>> 139     ALLOW   Anywhere
>>>>>> 445     ALLOW   Anywhere
>>>>>> 389     ALLOW   Anywhere
>>>>>> 901     ALLOW   Anywhere
>>>>>> 53      ALLOW   Anywhere
>>>>>> 80      ALLOW   Anywhere
>>>>>> 110     ALLOW   Anywhere
>>>>>> 143     ALLOW   Anywhere
>>>>>> 443     ALLOW   Anywhere
>>>>>> 631     ALLOW   Anywhere
>>>>>> 993     ALLOW   Anywhere
>>>>>> 995     ALLOW   Anywhere
>>>>>> 5800    ALLOW   Anywhere
>>>>>> 5900    ALLOW   Anywhere
>>>>>> 9418    ALLOW   Anywhere
>>>>>> 8080    ALLOW   Anywhere
>>>>>> 22      ALLOW   Anywhere (v6)
>>>>>> 137     ALLOW   Anywhere (v6)
>>>>>> 138     ALLOW   Anywhere (v6)
>>>>>> 139     ALLOW   Anywhere (v6)
>>>>>> 445     ALLOW   Anywhere (v6)
>>>>>> 389     ALLOW   Anywhere (v6)
>>>>>> 901     ALLOW   Anywhere (v6)
>>>>>> 53      ALLOW   Anywhere (v6)
>>>>>> 80      ALLOW   Anywhere (v6)
>>>>>> 110     ALLOW   Anywhere (v6)
>>>>>> 143     ALLOW   Anywhere (v6)
>>>>>> 443     ALLOW   Anywhere (v6)
>>>>>> 631     ALLOW   Anywhere (v6)
>>>>>> 993     ALLOW   Anywhere (v6)
>>>>>> 995     ALLOW   Anywhere (v6)
>>>>>> 5800    ALLOW   Anywhere (v6)
>>>>>> 5900    ALLOW   Anywhere (v6)
>>>>>> 9418    ALLOW   Anywhere (v6)
>>>>>> 8080    ALLOW   Anywhere (v6)
>>>>>>
>>>>>> bmike1@Michaels-PC:~$
>>>>>>
>>>>>> What else do you think I should open?
>>>>>>
>>>>>> On Fri, Mar 16, 2012 at 10:44 AM, Michael Havens wrote:
>>>>>>
>>>>>>> look what I found in my quest to open ports for printing: I found a
>>>>>>> program called ufw which is a 'program for managing a netfilter
>>>>>>> firewall.' And one of the commands is:
>>>>>>>
>>>>>>> ufw allow 53
>>>>>>> This rule will allow tcp and udp port 53 to any address on this host.
>>>>>>>
>>>>>>> Which is the printers port?... of course 631. my search engine is
>>>>>>> giving me another: 515? But both of my computers print.
>>>>>>> Do you know if I can specify more than one port in the command?
>>>>>>> oops... I just found the correct syntax:
>>>>>>> ufw allow 18:25,50:110,130:150,389:445,
>>>>>>> 631,900:1000,5800:5900,8080,9418
>>>>>>> the man page says I'm allowed 15 numbers in there. No spaces,
>>>>>>> separated by a comma, and ranges (x:y ) count as two numbers.
>>>>>>>
>>>>>>> What other ports does the great brain known as PLUG believe is good
>>>>>>> to open?
>>>>>>> I think ufw is basically a program to make iptables easier. Or do
>>>>>>> you want to give me a tutelage on iptables. I'm willing if you are! Does
>>>>>>> anyone have any pointers about ufw?
>>>>>>>
>>>>>>> ufw probably is an acronym for unix fire wall. or perhaps ubuntu
>>>>>>> fire wall.
>>>>>>>
>>>> --
>>>> (503) 754-4452 Android
>>>> (623) 239-3392 Skype
>>>> (623) 688-3392 Google Voice
>>>> it-clowns.com
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>>
>>>
>>> --
>>> :-)~MIKE~(-:
>>>
>>
>> --
>> :-)~MIKE~(-:
>>
>
> --
> :-)~MIKE~(-:
>

--
:-)~MIKE~(-:
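
Added example (not part of the original thread, and not written by any of its participants): a small audit of `ufw status` output that lists the ports allowed from "Anywhere", the exposure the thread warns about for a traveling laptop, and suggests LAN-scoped replacements. The sample rows are constructed, and the 192.168.0.0/24 subnet is an assumption inferred from the addresses quoted in the thread.

```python
import re

# Constructed sample in the layout of the `ufw status` output quoted above.
SAMPLE_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
139                        ALLOW       Anywhere
445                        ALLOW       Anywhere
631                        ALLOW       192.168.0.0/24
5900                       ALLOW       Anywhere
22                         ALLOW       Anywhere (v6)
"""

# One rule row: port[/proto], optional "(v6)" tag, action, source.
RULE = re.compile(r"^(\S+)(?: \(v6\))?\s+(ALLOW|DENY|REJECT|LIMIT)(?: IN)?\s+(.+?)\s*$")


def parse_rules(status_text):
    """Return (port, action, source) tuples from `ufw status` text."""
    rows = (RULE.match(line.strip()) for line in status_text.splitlines())
    return [m.groups() for m in rows if m]


def world_open(rules):
    """Ports with an ALLOW rule from any source (IPv4 or IPv6), deduplicated."""
    ports = [p for p, action, src in rules
             if action == "ALLOW" and src.startswith("Anywhere")]
    return list(dict.fromkeys(ports))


def tighten(rules, lan="192.168.0.0/24"):
    """Suggest LAN-scoped rules; each is added before the broad rule is deleted."""
    cmds = []
    for port in world_open(rules):
        num, _, proto = port.partition("/")
        scoped = f"ufw allow from {lan} to any port {num}"
        if proto:
            scoped += f" proto {proto}"
        cmds += [scoped, f"ufw delete allow {port}"]  # assumed LAN; review first
    return cmds


if __name__ == "__main__":
    for cmd in tighten(parse_rules(SAMPLE_STATUS)):
        print(cmd)
```

The script only prints suggested commands; nothing is changed until they are reviewed and run by hand on the host that owns the rules.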