Devices not using pihole


Safe to say then port 22 is being blocked on it, which after a quick Google search, it seems a lot of IPSs block it for other use for whatever reason, so I'll be changing it on the server to a free/open port in /etc/ssh/sshd_config and seeing if it'll allow communication then. I'll update this post if it works or not.

Well this didn't work, it was port 55667 and then when running nc -vz 192.168.50.77 55667 on my phone, I'd get the error 'No route to host'.

I did re-disable "Advertise router's IP in addition to user-specified DNS" after making the port change and it just resulted in no internet connection again.

My bad.
I think I mixed up with a reply in another thread at about the same time.

Are you able to access the Pi-hole webGUI from that phone at below address?

http://192.168.50.77/admin/

If so, that nc output failing to connect to port 80 (HTTP) doesn't make any sense to me.

From that Windows host, are you able to connect to above link?
And is SSH enabled and active on that Dell host and can you connect to that 192.168.50.77 IP from this Windows host (Putty etc)?

EDIT:

$ systemctl is-active ssh.service
active

What is output for below on that Windows host?
Redact names etc where necessary for privacy!

ipconfig /all

And what's output for below two on that Dell machine?

ip -br -4 a

ip -4 r

Is it a recent Fedora release?

hostnamectl | grep Operating

If so, could you share output for below one?

sudo nft list ruleset

And have you checked out below yet?

EDIT: Oh where possible, share text output instead of screenshots pls?

Are you able to access the Pi-hole webGUI from that phone at below address?
http://192.168.50.77/admin/

I cannot access that from my phone or from my Windows host.

From that Windows host, are you able to connect to above link?
And is SSH enabled and active on that Dell host and can you connect to that 192.168.50.77 IP from this Windows host (Putty etc)?

I was not able to as it was stating both ssh and sshd were inactive. Despite openssh being installed, I couldn't enable/start ssh.service as it kept saying it wasn't installed. I was however able to then enable sshd.service, reboot the server, and could then remote into the server with putty.

I then tried disabling Advertise router's IP in addition to user-specified DNS so it'd only point to the server and still all devices not using pihole.

What is output for below on that Windows host?

Windows IP Configuration

   Host Name . . . . . . . . . . . . : (Windows)
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek Gaming GbE Family Controller
   Physical Address. . . . . . . . . : (hiding just in case)
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6a7b:8b15:bf16:b8aa%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.50.14(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, September 23, 2024 06:57:53
   Lease Expires . . . . . . . . . . : Wednesday, September 25, 2024 07:05:22
   Default Gateway . . . . . . . . . : 192.168.50.1
   DHCP Server . . . . . . . . . . . : 192.168.50.1
   DHCPv6 IAID . . . . . . . . . . . : 112471705
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2C-BD-C4-D6-B4-2E-99-EC-FA-25
   DNS Servers . . . . . . . . . . . : 192.168.50.77
                                       192.168.50.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

And what's output for below two on that Dell machine?

[sully@pi ~]$ ip -br -4 a
lo               UNKNOWN        127.0.0.1/8
enp4s0           UP             192.168.50.77/24
[sully@pi ~]$ ip -4 r
default via 192.168.50.1 dev enp4s0 proto dhcp src 192.168.50.77 metric 100
192.168.50.0/24 dev enp4s0 proto kernel scope link src 192.168.50.77 metric 100
[sully@pi ~]$ hostnamectl | grep Operating
    Operating System: Fedora Linux 40 (Xfce)

Pastebin for sudo nft list ruleset - sudo nft list ruleset - Pastebin.com

I tried finding other DNS settings to change but I wasn't able to find anything besides what was already tried unsuccessfully.

Edit: sully@fedora and sully@pi are the same system; one I was just accessing via putty.

All the output looks good.
Except for the nft one (firewall etc):

        chain filter_IN_public_allow {
                tcp dport 22 accept
                ip daddr 224.0.0.251 udp dport 5353 accept
                ip6 daddr ff02::fb udp dport 5353 accept
                ip6 daddr fe80::/64 udp dport 546 accept
        }

I'm no nftables expert but from above it appears only ports 22, 5353 and 546 incoming are allowed:

$ cat /etc/services
[..]
ssh             22/tcp                          # SSH Remote Login Protocol
[..]
mdns            5353/udp                        # Multicast DNS
[..]
dhcpv6-client   546/udp
$ man nftables
[..]
DESCRIPTION
       nft is the command line tool used to set up, maintain and
       inspect packet filtering and classification rules in the
       Linux kernel, in the nftables framework. The Linux kernel
       subsystem is known as nf_tables, and 'nf' stands for
       Netfilter.

The "Fedora" bit should have rung a bell that this is a distro with a desktop (Xfce) with all the security precautions in place.
Also the legacy iptables output threw me off.

table inet firewalld {

From above output, nftables seems to be populated by the firewalld package.
Below output is from a Debian system (.deb instead of .rpm) but you'll get the general idea:

$ apt show firewalld
[..]
Description: dynamically managed firewall with support for network zones
 firewalld is a dynamically managed firewall daemon with support for
 network/firewall zones to define the trust level of network connections
 or interfaces. It has support for IPv4, IPv6 firewall settings and for
 ethernet bridges and has a separation of runtime and persistent
 configuration options.
 It also provides a D-Bus interface for services or applications to add
 and apply firewall rules on-the-fly.

From below, there seems to be a GUI tool and a TUI version (Text User Interface) to configure the firewall:

Viewing allowed services using GUI

To view the list of services using the graphical firewall-config tool, press the Super key to enter the Activities Overview, type firewall, and press Enter. The firewall-config tool appears. You can now view the list of services under the Services tab.

Alternatively, to start the graphical firewall configuration tool using the command-line, enter the following command:

$ firewall-config

The Firewall Configuration window opens. Note that this command can be run as a normal user, but you are prompted for an administrator password occasionally.

Below the firewall ports requirements:

You only need to allow ports 53 TCP & UDP for DNS plus port 80 TCP for the webGUI.

Only when you can run nslookup or nc against the Dell IP successfully can you disable that "Advertise router's IP in addition to user-specified DNS" setting and configure the Dell IP for DNS in the LAN DHCP service settings on the router.

EDIT: Don't forget to renew the DHCP lease on that Windows PC that you use for testing after you change any router DHCP settings!

ipconfig /renew

And check:

ipconfig /all

Oh ps, sshd.service is an alias for ssh.service on my Debian distro:

$ systemctl list-unit-files 'ssh*'
UNIT FILE    STATE    PRESET
ssh.service  enabled  enabled
sshd.service alias    -
ssh.socket   disabled enabled
$ systemctl cat sshd.service
# /lib/systemd/system/ssh.service
[Unit]
Description=OpenBSD Secure Shell server
[..]
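
An added example, not part of any post in this thread: a Python check that reads `sudo nft list ruleset` text, finds firewalld's per-zone allow chain, and reports which of the ports the thread lists for Pi-hole (53 TCP and UDP, 80 TCP) are still closed, as `firewall-cmd` lines. The function names and the table wrapper around the quoted chain are assumptions; `firewall-cmd` is firewalld's command-line client, which the thread itself does not mention.

```python
import re

# Ports the thread says Pi-hole needs: DNS on 53 TCP+UDP, web GUI on 80 TCP.
REQUIRED = [("tcp", 53), ("udp", 53), ("tcp", 80)]
# Constructed sample: the allow chain quoted in the thread, inside its table.
SAMPLE_RULESET = """\
table inet firewalld {
        chain filter_IN_public_allow {
                tcp dport 22 accept
                ip daddr 224.0.0.251 udp dport 5353 accept
                ip6 daddr ff02::fb udp dport 5353 accept
                ip6 daddr fe80::/64 udp dport 546 accept
        }
}
"""
CHAIN_RE = re.compile(r"chain filter_IN_([\w-]+)_allow \{$")
# Only rules that start with the protocol count; address-restricted ones
# (e.g. the mDNS multicast rules) do not open the port to the whole LAN.
RULE_RE = re.compile(r"(tcp|udp) dport (\{[^}]*\}|\d+(?:-\d+)?)\s.*\baccept\b")

def _ports(spec):
    """Expand '22', '1000-1010' or '{ 53, 80 }' into a set of ints."""
    out = set()
    for part in spec.strip("{} ").split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def allowed_by_zone(ruleset):
    """Map firewalld zone -> set of (proto, port) accepted unconditionally."""
    zones, zone = {}, None
    for line in (l.strip() for l in ruleset.splitlines()):
        if (start := CHAIN_RE.match(line)):
            zone = start.group(1)
            zones[zone] = set()
        elif line == "}":
            zone = None
        elif zone and (m := RULE_RE.match(line)):
            zones[zone] |= {(m.group(1), p) for p in _ports(m.group(2))}
    return zones

def fix_commands(ruleset, zone="public"):
    """firewall-cmd lines that open the REQUIRED ports missing from `zone`."""
    have = allowed_by_zone(ruleset).get(zone, set())
    cmds = [f"firewall-cmd --permanent --zone={zone} --add-port={po}/{pr}"
            for pr, po in REQUIRED if (pr, po) not in have]
    return cmds + ["firewall-cmd --reload"] if cmds else []

if __name__ == "__main__":
    print("\n".join(fix_commands(SAMPLE_RULESET)))
```

The generated commands need root (sudo) on the Fedora host; an empty result means the zone already accepts all three ports.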
