0

I set up Ubuntu Desktop 10.0.4 LTS i386 on a PC and installed openssh-server (default port 22), neatx (NX), nessus (over https)

This Ubuntu system and my Macintosh were on the same network when I set it up and tested it. I was able to access ssh, https, neatx from Mac > Ubuntu while on the same network.

The Ubuntu system is now at another physical location, behind a Cisco ASA firewall. I can log into the Cisco VPN at that site and access other devices onsite there using ssh, https and RDP. I can ping the Ubuntu system but I can't access ssh, https, or neatx. There are no special access lists or anything on the firewall, allowing access to the other devices which are working as expected, which disallow the Ubuntu desktop. My ssh connection attempts to Ubuntu are refused. While on the VPN I can however RDP into a Windows system and from there I can access the Ubuntu system using ssh, https. On the Ubuntu system netstat shows the services are listening.

I'm not that familiar with the Ubuntu firewall but I've read that it doesn't disallow anything by default, it allows everything, and I haven't changed it.

sudo iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Could this be caused by a configuration in Ubuntu disallowing access, except for ICMP, from anything but its own subnet, i.e. disallowing ssh, https, etc. access from the VPN pool? If so where might I look?

caleban
  • 1,116
  • 5
  • 18
  • 34

3 Answers3

1

A cruel way it to deactive every rules. iptables --flush i think.

Or you should try to access it locally first. let's say " ssh localhost " just to be sure that services are up.

Or maybe you should check Cisco's rules if you can. Because it may be predefined that only the previous machines will be accessible.

Nikolaidis Fotis
  • 2,032
  • 11
  • 13
1

Maybe the allow host and deny host files in Ubuntu machine are only accepting connections from its own subnet?

/etc/hosts.allow
/etc/hosts.deny
laurent
  • 2,055
  • 16
  • 14
0

Thank you to anyone who tried to help. This wasn't an Ubuntu issue at all. Two hosts had been assigned the same IP address.

They gave me an IP address to use. When I scanned their internal network, with permission of course, that IP address appeared not to be in use so I used it assuming it was going to be the only host with that IP address. Another host with the same IP address was turned off at the time I scanned the network but was later turned on which conflicted with the Ubuntu system I shipped them.

After thinking about the problem for a while I scanned their network again and saw the conflicting host. The conflicting host wasn't running ssh or https which explains why I was occasionally able to access the Ubuntu system using ssh or https from a server on the same switch on their network. I love nmap.

caleban
  • 1,116
  • 5
  • 18
  • 34