X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
From: Zarko Roganovic <zarko79 AT hotmail DOT com>
Subject:  Re: Rsync over SSH not working when ZoneAlarm installed
Date: Thu, 15 Dec 2005 05:46:18 +0000 (UTC)
Lines: 122
Message-ID:  <loom.20051215T063801-605@post.gmane.org>
References:  <loom DOT 20051215T011825-946 AT post DOT gmane DOT org> <43A0DD9B DOT 8050809 AT cygwin DOT com> <loom DOT 20051215T041100-821 AT post DOT gmane DOT org> <43A0E61D DOT 2010506 AT cygwin DOT com>
Mime-Version:  1.0
Content-Type:  text/plain; charset=utf-8
Content-Transfer-Encoding:  8bit
User-Agent: Loom/3.14 (http://gmane.org/)
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Larry Hall (Cygwin <reply-to-list-only-lh <at> cygwin.com> writes:

> 
> Zarko Roganovic wrote:
> > Larry Hall (Cygwin <reply-to-list-only-lh <at> cygwin.com> writes:
> > 
> > 
> >>Zarko Roganovic wrote:
> >>
> >>>Hello,
> >>>
> >>>I'm trying to backup a directory from a Win 2K machine to a Linux server 
> > 
> > with
> > 
> >>>cmd below.
> >>>
> >>>rsync -rvc -e "ssh -l testusr" /cygdrive/c/testdir 
192.168.1.2:/home/testusr
> >>>
> >>>When I uninstall ZoneAlarm(6.1.737) this same command works fine.
> >>>It doesn't help if I shutdown ZoneAlarm, I have to uninstall it. This is a 
> > 
> > test
> > 
> >>>machine and I'm willing to run ANY tests that you might suggest. I've 
> > 
> > included 
> > 
> >>>the cygcheck output with ZoneAlarm installed and when it wasn't.
> >>
> >>We actually ask for *attachments* of cygcheck output, not inclusions.
> >>
> >>
> >>>I really need this to work and I would appreciate any help.
> >>
> >>This sounds like a firewall configuration problem rather than a Cygwin
> >>software problem.  Didn't ZoneAlarm query you when you first tried the
> >>rsync?  I thought that was it's modus operandi.  In any case, you need
> >>to open port 873 for rsync to run at least.  You can check the man page
> >>for more info.
> >>
> > 
> > 
> > Hi,
> > 
> > I apologize about pasting the cygcheck output instead of attaching it.
> > 
> > ZoneAlarm did ask if I'd like to let rsync access the internet and I did
> > say to allow it. However it never asks it ssh.exe should be allowed to
> > access the net. Lastly I don't think the port is the problem because
> > even when I shut down ZoneAlarm I get the same result. 
> 
> That turns out not to be significant.  Many firewalls install "stuff" in
> the TCP stack so turning them off does not necessarily get you to the
> same state as uninstalling, as you already determined for yourself.  In
> other words, ZoneAlarm is getting in your way whether you're running it
> or not.  You need to get ZoneAlarm configured to allow these applications
> to run.  Effectively, that means opening ports the apps use.  ZoneAlarm
> probably didn't ask about 'ssh' because it couldn't "see" it buried within
> 'rsync'.
> 
> > I have been
> > able to use rsync just by itself to sync with a rsync server with
> > ZoneAlarm still running.
> 
> Well, if you can use 'rsync' with ZoneAlarm after telling it to permit
> 'rsync' access then you should find you have luck when you do the same
> for 'ssh'.  Try running 'ssh -l testusr  192.168.1.2' and see what
> ZoneAlarm has to say.  I bet that will trip it and you'll find you
> can get access with both 'ssh' and 'rsync', separately or together.
> If not, you'll need to configure port 22 to be open for 'ssh'.
> 
> I feel compelled to point out that this is really a firewall configuration
> issue and as such, it's really not on-topic for this list.  If the above
> information isn't enough to get this problem resolved to your satisfaction,
> you should really look for some specific help with configuring ZoneAlarm.
> Much discussion of ZoneAlarm's workings isn't really appropriate here.
> 

Hi,

I don't believe that this is a case of me not knowing how to configure
the firewall, and this is why.

I set my linux box to act as an rsync server. I than ran the command below
from the cygwin computer with ZoneAlarm still running

  rsync -rvc /cygdrive/c/testdir rsync://testusr AT 192 DOT 168 DOT 1 DOT 2::/testusr
  
It asked me for the password and than finished the sync as it should

When I tried accessing the Linux box from cygwin while ZoneAlarm is running
with the following command

ssh -l testusr 192.168.1.2

it asked me to accept the RSA fingerprint and logged me in
  
When I set ZoneAlarm to block rsync.exe from accessing the internet I got
the following error

  rsync: failed to connect to 192.168.1.2: Connection refused (111)
  rsync error: error in socket IO (code 10) at /home/lapo/packaging/tmp/rsync-
2.6.
  6/clientserver.c(98)

Without touching the permissions in ZoneAlarm I shut it down and ran rsync
again. It went through just fine.

As far as I know (99% sure) when rsync is pushing the changes to the Linux
server it doesn’t need to listen to any ports, that’s for the Linux server
to do. Likewise, to use SSH, only the server (Linux box) you’re connecting
to has to open port 22. If I'm able to use both services separately they
should work together also. Please point out if there are any holes in my
proof

Again I appreciate all your help

Zarko




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/