
I have a FreeBSD 9.3 installation inside the 192.168.2.x LAN2 which is connected to the 192.168.1.x LAN1 (router WAN IP is 192.168.1.10).

This BSD runs SSH and FTP services. I can use both services from any LAN2 computer. But I am unable to connect from LAN1.

I don't think the problem is in the router settings because I have HTTP and FTP servers on other LAN2 machines, and all of them are accessible from LAN1 computers without problems.

All needed ports are forwarded in the router. I can connect to other LAN2 servers using 192.168.1.10:port (even from LAN2).

I saw several threads describing similar problems (usually with SSH server) and tried all solutions I could find, but none of them worked for me.

These are relevant lines from /etc/rc.conf:

```
ifconfig_em0="inet 192.168.2.8 netmask 255.255.255.0"
defaultrouter="192.168.2.1"
sshd_enable="YES"
ftpd_enable="YES"
ftpd_flags="-D -l"
```

Update

When I run PuTTY SSH to 192.168.1.10:20022 (forwarded to 192.168.2.8:22) from a LAN1 PC, it shows a "Network error: Connection timed out" message. An FTP connection from Total Commander shows: "Connect call failed!". Doing the same thing from LAN2 shows the FTP home directory and the BSD login prompt.

Command-line FTP from LAN1 to 192.168.1.10:20021 shows `ftp: connect: unknown error number`.

Doing the same thing for an accessible FTP server (another port) shows "220" messages (welcome and auth). I can telnet to the other FTP and HTTP servers.

`cat /var/log/auth.log | grep sshd` shows basically two kinds of messages:

Server listening on 0.0.0.0 port 22 / :: port 22
Accepted / closed connection from 192.168.2.6 (another LAN2 pc)

LAN1 addresses are not mentioned by sshd.

This is what I get while connected by SSH from another LAN2 PC:

```
root@bsdpc:/ # ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 08:00:27:11:97:cf
        inet 192.168.2.8 netmask 0xffffff00 broadcast 192.168.2.255
        inet6 fe80::a00:27ff:fe11:97cf%em0 prefixlen 64 scopeid 0x1
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
root@bsdpc:/ # sockstat
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
lpvoid   sshd       1398  3  tcp4   192.168.2.8:22        192.168.2.6:1186
lpvoid   sshd       1398  4  stream -> ??
root     sshd       1395  3  tcp4   192.168.2.8:22        192.168.2.6:1186
root     sshd       1395  5  stream -> ??
root     ftpd       567   3  dgram  -> /var/run/logpriv
root     ftpd       567   5  tcp6   *:21                  *:*
root     ftpd       567   6  tcp4   *:21                  *:*
smmsp    sendmail   537   3  dgram  -> /var/run/log
root     sendmail   534   3  tcp4   127.0.0.1:25          *:*
root     sendmail   534   4  dgram  -> /var/run/logpriv
root     sshd       531   3  tcp6   *:22                  *:*
root     sshd       531   4  tcp4   *:22                  *:*
root     syslogd    400   4  dgram  /var/run/log
root     syslogd    400   5  dgram  /var/run/logpriv
root     syslogd    400   6  udp6   *:514                 *:*
root     syslogd    400   7  udp4   *:514                 *:*
root     devd       310   4  stream /var/run/devd.pipe
```
lpVoid
  • Please add any logs or complementary tests you have done. – Rui F Ribeiro Mar 26 '17 at 16:53
  • What does a Wireshark/`tcpdump` capture from another host on LAN2 show while trying to SSH/FTP from LAN1 to the FreeBSD machine? If traffic is successfully getting to the FreeBSD machine, you should see the traffic within `tcpdump`; if not, it would suggest a problem at the router. – forquare Mar 26 '17 at 20:56
  • I installed Wireshark from the ports collection, installing xorg and libtool in the process, and now I am able to connect from LAN1! The changes are: some ports/packages compiled/installed/upgraded, dbus and hald running. Not sure what exactly enabled the connection, will try to investigate further. – lpVoid Mar 28 '17 at 09:36
  • Without hald and dbus, it still allows connections from LAN1. And I found that I need to log in with SSH at least once before using FTP. – lpVoid Mar 28 '17 at 15:09

0 Answers