Re: ssh connection is not allowed in NAT, SUSE 9.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



and tcpd is not getting in the way, correct?

Thanks,

Ron DuFresne


On Tue, 19 Jul 2005, Jörg Harmuth wrote:

Fatih TURKMEN wrote:
Hi everybody,
I am trying to create a small NAT network on SUSE 9.2
computers. I don't know what is missing in my iptables
policy, but I have added three rules for SNAT:

1) iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
2) iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
3) iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

I stopped firewalls on local computers, and installed
ssh server/client on all computers. I can ssh to local
machines from locals. But I can't ssh to the NAT
server. Also I can only ping one computer from the NAT
server.
When I try to ssh to local clients from the NAT server I
got either "No route to host" or "Connection refused",
although I stopped firewalls on locals and set the NAT
server as the default gateway for local clients.

Would you mind providing the full ruleset of your NAT box? Preferably
the output of iptables-save? A description of your network layout could
be helpful too (networks, NICs, ...). As there is "No route to host", the
routing table could give some enlightenment. There are at least two
interfaces, so: is IP forwarding enabled? What does

netstat -tulpn | grep ':22'

give on the respective boxes? When trying to connect via SSH to no
avail, what does

tcpdump -ni <respective_interface>

give (try reducing other traffic)? Questions over questions :)

Have a nice time,

Joerg



- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC3RVcst+vzJSwZikRAvjjAKCka178a2ROn/HBqff4RVj5PwjSNACdFsGj
zdr88jWe/HMxzivNy5u/UfA=
=nMTJ
-----END PGP SIGNATURE-----
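
An added example, not part of the original messages: SSH to or from the NAT box itself is filtered by the filter table's INPUT and OUTPUT chains, which the three posted FORWARD and POSTROUTING rules never touch, so the requested iptables-save and netstat output is what shows the cause. The helper names (`ssh_listen_scope`, `chain_view`, `sample_ruleset`) are hypothetical and the ruleset is constructed: the three posted rules plus an assumed INPUT chain.

```shell
#!/bin/sh
# Added example: hypothetical helper names; the ruleset below is constructed.

# ssh_listen_scope: classify the TCP/22 listener in `netstat -tulpn` output
# on stdin as all | specific | loopback-only | none.
ssh_listen_scope() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /:22$/ {
             a = $4; sub(/:22$/, "", a)
             if (a == "0.0.0.0" || a == "::") all = 1
             else if (a ~ /^127\./ || a == "::1") lo = 1
             else other = 1
         }
         END { print (all ? "all" : other ? "specific" : lo ? "loopback-only" : "none") }'
}

# chain_view CHAIN: from `iptables-save` output on stdin, print the filter
# chain's policy, rule count and the target of its first --dport 22 rule.
chain_view() {
    awk -v chain="$1" '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter": track the table
        table != "filter" { next }              # nat also has an OUTPUT chain; skip it
        $1 == (":" chain) { policy = $2 }
        $1 == "-A" && $2 == chain {
            rules++
            if (ssh == "" && $0 ~ /--dport 22( |$)/)
                for (i = 3; i < NF; i++) if ($i == "-j") ssh = $(i + 1)
        }
        END { printf "policy=%s rules=%d ssh=%s\n", policy, rules, (ssh == "" ? "-" : ssh) }'
}

# Constructed ruleset: the post's three rules plus a hypothetical INPUT chain.
sample_ruleset() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}
for c in INPUT OUTPUT FORWARD; do printf '%s: ' "$c"; sample_ruleset | chain_view "$c"; done
```

On a live box, feed the functions real output instead, for example `iptables-save | chain_view INPUT` and `netstat -tulpn | ssh_listen_scope`. A REJECT with icmp-host-prohibited in INPUT reaches the client as "No route to host", while a listener scope of `none` or `loopback-only` matches "Connection refused".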
