I want to gain access to my Linux machine (running Red Hat 8.0) from
my office or the internet.
I think I have done everything needed, but it still will not work.
+Firewall on the box: (iptables -L output)
[root@oregon root]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Lokkit-0-50-INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:5901 flags:SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
[root@oregon root]#
+CISCO ISDN 803 ROUTER: (sh run output)
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco803
!
enable password ########
!
!
!
!
!
!
pots country US
ip subnet-zero
!
no ip domain-lookup
isdn switch-type basic-net3
!
!
process-max-time 200
!
interface Ethernet0
description connected to EthernetLAN
ip address 192.168.0.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface BRI0
description connected to Internet
no ip address
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer rotary-group 1
isdn switch-type basic-net3
!
interface Dialer0
no ip address
no ip directed-broadcast
no cdp enable
!
interface Dialer1
description connected to Internet
ip address negotiated
no ip directed-broadcast
ip nat outside
encapsulation ppp
no ip split-horizon
dialer in-band
dialer string 08089933036
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname ganff56321
ppp chap password 7 1310051D1D09162B26
ppp pap sent-username ganff56321 password 7 03114904100A334D43
!
router rip
version 2
passive-interface Dialer1
network 192.168.0.0
no auto-summary
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.2 5901 interface Dialer1 5901
ip nat inside source static tcp 192.168.0.2 22 interface Dialer1 22
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server engineID local 00000009020000B0C28AF4CE
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password ###############
login
transport input none
stopbits 1
line vty 0 4
password ############
login
!
end
(I am not entirely sure if I should have the port forwarding set
up for Dialler 0 or 1 ???)
+My IP gives me a dynamic IP Address so I have used www.no-ip.com to
set up address 'coboj.zapto.org' site to hit.
+I can ping coboj.zapto.org (from machine oregon) fine
+I can telnet to coboj.zapto.org, and that allows me to log into the
router
+SSH coboj.zapto.org gives:
[coboj@oregon coboj]$ ssh coboj.zapto.org
ssh: connect to address 62.60.118.64 port 22: Connection refused
I can SSH to oregon from my network
+I have vncserver running fine and can connect to it on my local
network using oregon:1. When I try to get vncserver coboj.zapto.org:1
I get the following message:
[coboj@oregon coboj]$ vncviewer
VNC viewer version 3.3.5 - built Nov 1 2002 15:32:26
Copyright (C) 2002 RealVNC Ltd.
Copyright (C) 1994-2000 AT&T Laboratories Cambridge.
See http://www.realvnc.com for information on VNC.
vncviewer: ConnectToTcpAddr: connect: Connection refused
Unable to connect to VNC server
HELP Please
John