# Cannot ssh or ping new FreeBSD9 install from WAN



## unixgirl (Mar 14, 2012)

Once again trying to venture into FreeBSD 9 I find it broken for me. I did a brand new install (not a fan of the new installer). Rebooted and found that

I can:

- ssh out
- ping the gateway
- See the gateway using *netstat -r*
- ping the server from a server on the LAN.
- be ssh'd into by another machine on the LAN.

I cannot:

- Get into the server remotely.
- ping the server remotely.

I have this box set up the same as every other box, but it refuses to connect outside the local LAN. sshd is running, as it can be ssh'd into from the local LAN. I know about having to turn on password access on sshd. Is there now some firewall set up automatically as well, or do I just have amazingly bad luck? I have tried rebooting the switch it's connected to and the switch that switch connects to as well. I also tried another port on the switch as well as rebooting with it on a new IP address.

Help! What else can I do? I do not know what else to try.

`$ ifconfig em0` (IPs somewhat replaced) (yes, the router here is at the end of the subnet)


```
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
        ether 00:e0:81:b5:79:c2
        inet 192.168.0.249 netmask 0xfffffff8 broadcast 192.168.0.255
        inet6 fe89::2e1:83ff:feb5:79c2%em0 prefixlen 64 scopeid 0x4
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
        ether 00:e0:81:b5:79:c3
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0xb
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
```

`$ netstat -rn`

```
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.254      UGS         0       48    em0
192.168.0.248/29   link#4             U           0       83    em0
192.168.0.249      link#4             UHS         0        0    lo0
127.0.0.1          link#11            UH          0        0    lo0
```

`$ ping 192.168.0.254`

```
PING 192.168.0.254 (192.168.0.254): 56 data bytes
64 bytes from 192.168.0.254: icmp_seq=0 ttl=255 time=1.039 ms
64 bytes from 192.168.0.254: icmp_seq=1 ttl=255 time=0.880 ms
64 bytes from 192.168.0.254: icmp_seq=2 ttl=255 time=0.752 ms
etc..
```

Thanks in advance!
Nicole


----------



## Hawk (Mar 14, 2012)

Did you port forward/trigger 22 on the switch/router?


----------



## dave (Mar 14, 2012)

Maybe post your local network addressing scheme.


----------



## unixgirl (Mar 14, 2012)

I do not have anything special going on. If I removed the disk, changed DVDs and installed 8.X etc., everything would work fine.
I keep running into weird networking issues every time I install 9 (which is now twice).
I have installed many, many instances prior to 9 and never had this type of problem.

Just to see if perhaps something was corrupted on install, I made world/kernel and installed. Nothing changed.


----------



## dave (Mar 14, 2012)

Is the new machine able to resolve an internet name?


```
$ host freebsd.org
```


----------



## unixgirl (Mar 15, 2012)

OMFG
So to make sure I was right I did indeed set up an 8.2 box on the IP address(es) and none of them can receive port 22 traffic from outside my home test network as well. All this used to work as of last week.

So, thinking maybe ATT decided to start blocking port 22 on my home network, I tried ATT support. Even tier 2 is clueless and they say I have to talk to their PAY Service called ATT 360, saying that is the only group who can stop the port blocking. So I now have to Pay Them to open my ports!!!??

One tier 2 person I bounced back to said they just pushed out new firmware. So I found the password for the ATT Uverse box and logged in. Seems the firewall on my Uverse box started blocking things on that MAC address for some reason. (I had a similar problem last time with a switch on another network when I installed version FreeBSD 9.) Also wonderful how the firewall seems to work based on MAC addresses. Oh Joy.

Now, I also found the MAC address had been replaced by the name I gave to a win98 install I did for that test computer to use for testing hard drives (Seagate only runs on win32), so I am also wondering if Windows may have been able to change my router's firewall config.


Also I decided to test and found that aliased IPs do not seem to work!
Another win for ATT


----------

