I tell you.... this is all screwed up!

bmike1@Michaels-PC:~$ sudo /lib/ufw/ufw-init status
Firewall is running
bmike1@Michaels-PC:~$ sudo /lib/ufw/ufw-init stop
Skip stopping firewall: ufw (not enabled)
bmike1@Michaels-PC:~$ sudo /lib/ufw/ufw-init restart
Skipping (not enabled)
bmike1@Michaels-PC:~$ sudo /lib/ufw/ufw-init start
Skip starting firewall: ufw (not enabled)
bmike1@Michaels-PC:~$ sudo /lib/ufw/ufw-init force-reload
Skipping (not enabled)
bmike1@Michaels-PC:~$

So it says the firewall is running but it won't stop/restart/start/force-reload it because it isn't running?

Now check this out, I wanted to su to root so I didn't have to type in sudo and:

bmike1@Michaels-PC:~$ su
Password:
su: Authentication failure
bmike1@Michaels-PC:~$ su
Password:
su: Authentication failure
bmike1@Michaels-PC:~$ su
Password:
su: Authentication failure
bmike1@Michaels-PC:~$ su
Password:
bmike1@Michaels-PC:~$ sudo passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
bmike1@Michaels-PC:~$ su
Password:
Added user root.
root@Michaels-PC:/home/bmike1#

Oh... I think I see. To change root's passwd you need to type in 'passwd root'? (I did try changing it typing in 'passwd'). But this doesn't explain why it wouldn't su into root until I changed the passwd. (I didn't really change it.... it is what I originally set it to. Why wouldn't it accept it until I "changed" it??)
I thought maybe this might have fixed the ssh problem but no:

bmike1@Michaels-PC:~$ sudo ssh 192.168.0.4
[sudo] password for bmike1:
ssh: connect to host 192.168.0.4 port 22: Connection refused
bmike1@Michaels-PC:~$

bmike1@Michaels-Laptop ~ $ sudo ssh 192.168.0.3
ssh: connect to host 192.168.0.3 port 22: Connection timed out
bmike1@Michaels-Laptop ~ $

While I was doing this I accidentally tried to ping the laptop from the laptop with the following results:

bmike1@Michaels-Laptop ~ $ sudo ssh 192.168.0.4
[sudo] password for bmike1:
ssh: connect to host 192.168.0.4 port 22: Connection refused

perhaps.... ufw will help.
nope.... 'allow 22' didn't help ssh to the laptop (192.168.0.4). Connection still refused.

On Sun, Mar 18, 2012 at 9:09 PM, Michael Havens wrote:

> man.... I'm beginning to think I should just reinstall my print server.
>
> On Sun, Mar 18, 2012 at 6:57 PM, Michael Havens wrote:
>
>> I forgot to mention that they can all ping each other
>>
>> On Sun, Mar 18, 2012 at 5:01 PM, Michael Havens wrote:
>>
>>> it is strange and I think related to the printing issue that when I try
>>> to ssh from the server to the laptop the connection is refused but when I
>>> try the other way the connection times out. Does that little piece of
>>> information help any?
>>> --more info--
>>> ssh server to xp=timeout
>>> ssh laptop to XP= timeout
>>> ssh xp to laptop=connection refused (cygwin)
>>> ssh xp to server=connection timeout (cygwin)
>>>
>>> On Sun, Mar 18, 2012 at 4:21 PM, Michael Havens wrote:
>>>
>>>> On Sat, Mar 17, 2012 at 6:35 AM, Lisa Kachold wrote:
>>>>
>>>>> Good Job Michael! You have negotiated the ufw. Keep in mind that you
>>>>> would not want to open all this on a traveling laptop (since it would
>>>>> expose trusted services to all). Now just because you have opened the
>>>>> ports on one system, you can't be sure they are actually "seen" from the
>>>>> other system without a test?
>>>>>
>>>>> From the other system, now run:
>>>>>
>>>>> # nmap $thissystem
>>>>>
>>>>> Did you see 22 tcp open from the other system NOW?
>>>>>
>>>>> no.
>>>>
>>>> bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.4 (laptops ip)
>>>>
>>>> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:11 MST
>>>> Nmap scan report for 192.168.0.4
>>>> Host is up (0.000022s latency).
>>>> Not shown: 999 closed ports
>>>> PORT    STATE SERVICE
>>>> 631/tcp open  ipp
>>>>
>>>> Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
>>>>
>>>> bmike1@Michaels-Laptop ~ $ sudo nmap 192.168.0.3 (print servers ip)
>>>>
>>>> Starting Nmap 5.21 ( http://nmap.org ) at 2012-03-18 15:12 MST
>>>> Nmap scan report for 192.168.0.3
>>>> Host is up (0.0020s latency).
>>>> Not shown: 997 filtered ports
>>>> PORT    STATE SERVICE
>>>> 139/tcp open  netbios-ssn
>>>> 443/tcp open  https
>>>> 445/tcp open  microsoft-ds
>>>> MAC Address: 00:09:6B:78:AB:F0 (IBM)
>>>>
>>>> Nmap done: 1 IP address (1 host up) scanned in 12.29 seconds
>>>> bmike1@Michaels-Laptop ~ $
>>>>
>>>> Make sure it's enabled for the service via ufw (on the target system):
>>>>>
>>>>> # sudo ufw allow ssh
>>>>>
>>>>> it said the rule already exists.
>>>>
>>>>> It appears that your ssh is timing out, but the logs can tell you why:
>>>>>
>>>>> On the target system:
>>>>>
>>>>> # tail /var/log/messages
>>>>> or
>>>>> # tail /var/log/secure
>>>>>
>>>>> it responded '...no such file...'
>>>>
>>>> Sshd is setup by default for strict host checking, so you MUST have an
>>>>> acceptable /etc/hosts file configuration:
>>>>>
>>>>> There must be a hostname that matches your host entry, which matches
>>>>> your IP address.
>>>>>
>>>>
>>>> Here is now my /etc/hosts file
>>>>
>>>> 127.0.0.1 localhost
>>>> 127.0.1.1 Michaels-PC
>>>> #####################
>>>> #added
>>>> 192.168.0.2 SonyDesktop <-this is the computer name.....
>>>>    if I'm supposed to put something else in please tell me how to get
>>>>    that info on an XP
>>>> 192.168.0.4 Michaels-Laptop <-I put the computer name in because
>>>>    that is what is in there in /etc/hosts [127.0.0.1 (computer name)]
>>>> #added
>>>> #####################
>>>> # The following lines are desirable for IPv6 capable hosts
>>>> ::1 ip6-localhost ip6-loopback
>>>> fe00::0 ip6-localnet
>>>> ff00::0 ip6-mcastprefix
>>>> ff02::1 ip6-allnodes
>>>> ff02::2 ip6-allrouters
>>>>
>>>>> You can also do a couple of ssh daemon "hacks", by editing the
>>>>> /etc/ssh/sshd_config file:
>>>>>
>>>>> If I do this I don't need to worry about /etc/hosts?
>>>>
>>>>> a) Allow root ssh (which is disallowed by default) [What command are
>>>>> you running from the other system to get here? As root?]:
>>>>>
>>>>> Find out line that read as follows:
>>>>> PermitRootLogin no
>>>>> Set it as follows:
>>>>> PermitRootLogin yes
>>>>>
>>>>> b) Disable Strict
>>>>> StrictHostKeyChecking yes
>>>>> set it as follows:
>>>>> StrictHostKeyChecking no
>>>>>
>>>>> c) Change/extend the timeouts:
>>>>>
>>>>> ServerAliveInterval 100
>>>>>
>>>>> These changes can be used to provide more information on why you are
>>>>> not connecting.
>>>>>
>>>>> ALWAYS remember to copy your original CONFIGS to backup before editing
>>>>> so you can seamlessly roll forward and back.
>>>>>
>>>>> Don't forget to restart ssh daemon after making configuration changes!
>>>>>
>>>>> Nope... didn't work.
>>>>
>>>> On Fri, Mar 16, 2012 at 11:00 PM, James Mcphee wrote:
>>>>>
>>>>>> if you're opening that much, just disable iptables until you figure
>>>>>> out what you need to leave open.
>>>>>> On Mar 16, 2012 6:06 PM, "Michael Havens" wrote:
>>>>>>
>>>>>>> hmmmmmm..... opening the ports didn't help any.
>>>>>>> I opened:
>>>>>>>
>>>>>>> bmike1@Michaels-PC:~$ sudo ufw status
>>>>>>> Status: active
>>>>>>>
>>>>>>> To      Action  From
>>>>>>> --      ------  ----
>>>>>>> 22      ALLOW   Anywhere
>>>>>>> 137     ALLOW   Anywhere
>>>>>>> 138     ALLOW   Anywhere
>>>>>>> 139     ALLOW   Anywhere
>>>>>>> 445     ALLOW   Anywhere
>>>>>>> 389     ALLOW   Anywhere
>>>>>>> 901     ALLOW   Anywhere
>>>>>>> 53      ALLOW   Anywhere
>>>>>>> 80      ALLOW   Anywhere
>>>>>>> 110     ALLOW   Anywhere
>>>>>>> 143     ALLOW   Anywhere
>>>>>>> 443     ALLOW   Anywhere
>>>>>>> 631     ALLOW   Anywhere
>>>>>>> 993     ALLOW   Anywhere
>>>>>>> 995     ALLOW   Anywhere
>>>>>>> 5800    ALLOW   Anywhere
>>>>>>> 5900    ALLOW   Anywhere
>>>>>>> 9418    ALLOW   Anywhere
>>>>>>> 8080    ALLOW   Anywhere
>>>>>>> 22      ALLOW   Anywhere (v6)
>>>>>>> 137     ALLOW   Anywhere (v6)
>>>>>>> 138     ALLOW   Anywhere (v6)
>>>>>>> 139     ALLOW   Anywhere (v6)
>>>>>>> 445     ALLOW   Anywhere (v6)
>>>>>>> 389     ALLOW   Anywhere (v6)
>>>>>>> 901     ALLOW   Anywhere (v6)
>>>>>>> 53      ALLOW   Anywhere (v6)
>>>>>>> 80      ALLOW   Anywhere (v6)
>>>>>>> 110     ALLOW   Anywhere (v6)
>>>>>>> 143     ALLOW   Anywhere (v6)
>>>>>>> 443     ALLOW   Anywhere (v6)
>>>>>>> 631     ALLOW   Anywhere (v6)
>>>>>>> 993     ALLOW   Anywhere (v6)
>>>>>>> 995     ALLOW   Anywhere (v6)
>>>>>>> 5800    ALLOW   Anywhere (v6)
>>>>>>> 5900    ALLOW   Anywhere (v6)
>>>>>>> 9418    ALLOW   Anywhere (v6)
>>>>>>> 8080    ALLOW   Anywhere (v6)
>>>>>>>
>>>>>>> bmike1@Michaels-PC:~$
>>>>>>>
>>>>>>> What else do you think I should open?
>>>>>>>
>>>>>>> On Fri, Mar 16, 2012 at 10:44 AM, Michael Havens wrote:
>>>>>>>
>>>>>>>> look what I found in my quest to open ports for printing: I found a
>>>>>>>> program called ufw which is a 'program for managing a netfilter
>>>>>>>> firewall.' And one of the commands is:
>>>>>>>>
>>>>>>>> ufw allow 53
>>>>>>>> This rule will allow tcp and udp port 53 to any address on this
>>>>>>>> host.
>>>>>>>>
>>>>>>>> Which is the printers port?... of course 631. my search engine is
>>>>>>>> giving me another: 515? But both of my computers print.
>>>>>>>> Do you know if I can specify more than one port in the command?
>>>>>>>> oops... I just found the correct syntax:
>>>>>>>> ufw allow 18:25,50:110,130:150,389:445,631,900:1000,5800:5900,8080,9418
>>>>>>>> the man page says I'm allowed 15 numbers in there. No spaces,
>>>>>>>> separated by a comma, and ranges (x:y ) count as two numbers.
>>>>>>>>
>>>>>>>> What other ports does the great brain known as PLUG believe is good
>>>>>>>> to open?
>>>>>>>> I think ufw is basically a program to make iptables easier. Or do
>>>>>>>> you want to give me a tutelage on iptables. I'm willing if you are! Does
>>>>>>>> anyone have any pointers about ufw?
>>>>>>>>
>>>>>>>> ufw probably is an acronym for unix fire wall. or perhaps ubuntu
>>>>>>>> fire wall.
>>>>>>>>
>>>>> --
>>>>> (503) 754-4452 Android
>>>>> (623) 239-3392 Skype
>>>>> (623) 688-3392 Google Voice
>>>>> it-clowns.com
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
:-)~MIKE~(-:
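
Added example, not part of the original thread: a small Python probe that separates the two failures seen above, "Connection refused" (what nmap reports as closed) and "Connection timed out" (what nmap reports as filtered), since they point at different causes. The function names and advice strings are assumptions made for this illustration; the two addresses are the ones used in the thread.

```python
import errno
import socket

# What each TCP connect outcome usually means (wording is this example's own).
ADVICE = {
    "open": "a service is listening and reachable",
    "closed": "the host actively refused: usually nothing is listening on "
              "that port, so check that the ssh server is installed and running",
    "filtered": "no reply before the timeout: usually a firewall is dropping "
                "the packets, so check the rules on the target",
    "unreachable": "no route to the host or network",
}

def classify(error):
    """Map a connect result (None on success, else the OSError) to a state."""
    if error is None:
        return "open"
    if isinstance(error, ConnectionRefusedError):
        return "closed"        # ssh prints "Connection refused"
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "filtered"      # ssh prints "Connection timed out"
    if error.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return the classified state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def report(host, port, timeout=3.0):
    """One-line summary for a host and port."""
    state = probe(host, port, timeout)
    return f"{host}:{port} {state} - {ADVICE.get(state, 'unexpected socket error')}"

if __name__ == "__main__":
    # Addresses from the thread: print server (.3) and laptop (.4), ssh port.
    for host in ("192.168.0.3", "192.168.0.4"):
        print(report(host, 22))
```

Run it from the machine that cannot connect; a "closed" result is fixed on the service side, a "filtered" result on the firewall side.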