I'll make an attempt here to deepen and collect the requested information:

Joe Morris (NTM) wrote:
He may need them for the smb client to work. Since he seems to have a workstation in a network mixed with Windows boxes, if any printers or directories were shared from Windows, he would need those opened. If he knows they are not needed, then remove them, as they certainly are not needed for ssh access.
Yes, this is the situation. My new Xeon/Linux workstation will replace my old Sparc/Solaris workstation on a SO mixed network of Windows PCs/server and network printers. I have so far just mounted shared Windows maps using the Gnome menu to connect to the win2k server (maybe smbclient is still used behind this). My plan is next to also set up a Samba server for file sharing to Windows.

Carlos E. R. wrote:
In that case I would use profiles: one for home, another for the office.
On my multiboot home PC, SuseFirewall is undoubtedly required, as its connection to the Internet uses a vanilla ADSL router (modem) and DHCP from my ISP. Booting Windows on the same PC, ZoneAlarm has been used correspondingly.

At my office, I'm not quite sure if SuseFirewall really is required on my Linux workstation there, as we have a separate Netscreen router with a built-in firewall to protect our Internet connection (cable modem now, to be replaced with ADSL soon). The router port 22 and ssh service is forwarded now to the Linux workstation. What do you think, is SuseFirewall2 really needed for ssh/NX, though of course it does no harm if I get it to work?

(Just for background information I'll mention that the proprietary Netscreen firewall had Windows-only clients available, and I had to boot Windows on my home PC just to be able to connect using Netscreen/RDP clients to my office Win2k Terminal server. To connect to Solaris I've used the SCO TermVision vt420 emulator and a GUI-based (tcp) file browser for file transfers. We overcame this by installing OpenVpn on the Win2kTS and by forwarding the actual router port to this server. Now I can also connect from Linux at home to my office Win2kTS using openvpn/tsclient/rdesktop clients, and we also use openvpn clients on laptops.)

The actual additional step now is to get a direct connection from my home PC to my office Linux workstation. I wish to use NX client/server for running full X/Gnome/KDE desktops, corresponding to RDP for the Win2kTS connection. I hope to get this to work also from office to home afterwards.

Richard Ems wrote:
So you connect to the external ip address on your router, say 1.2.3.4 on port 22 and this is forwarded to your linux box.
Yes.
With or without NAT?
Yes, we use NAT on our office network router, and port 22 with ssh, ping and echo in the firewall are forwarded to the private IP for my Linux workstation. I'll double check regarding NAT with my consultant who has configured the router (and previously for openvpn).

Connection examples, here using a fictitious external ip address for our router:
From Windows on my home PC:

    D:\>ping 1.2.3.4
    ...no response
    ...request quitted

    Microsoft Telnet> open 1.2.3.4 22
    Connect to 1.2.3.4 .....
    Cannot open connection to server on port 22: Cannot connect

The same also happens when booting Linux on my home PC. Tried also with ssh:

    terje@dhcppc1:~> ssh -vv 1.2.3.4 22
    OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.

If I try internally from my office Win2kTS, independent of local or remote RDP logins to it:

    C:\> ping ip_linux_ws
    ....responded ok
    C:\> ping hostname_linux_ws
    ....responded ok
    telnet> open ip_linux_ws
    ....... which responded "SSH-1.99-OpenSSH_4.2"
    ........I entered Return then "Protocol mismatch"
Are the packets arriving at the Linux box?
Sorry, how do I possibly find that out (log files, tools)?
With ip address 1.2.3.4 or natted?
Same as above?
Did you try to sniff with tcpdump?
How do I verify/check that? (Sorry, unknown tool for me.) I guess I have to sit locally at my Linux workstation, possibly do a tsclient/rdesktop login to our Win2kTS and send something to the external ip of our router, or? Maybe I can send something directly from the Linux workstation also?
Is properly routing configured on the linux box?
Well, in the YaST network configuration routing part, I entered our private ip_router_ address as standard system port. Then the access to Internet worked ok from the Linux workstation. Besides, I use /etc/hosts and fixed (private) ip, and have added our domain name and DNS ip there.
What does /sbin/route say?
Output from the route command as follows:

    # route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    1.2.3.0         *               255.255.255.0   U     0      0        0 eth0
    link-local      *               255.255.0.0     U     0      0        0 eth0
    loopback        *               255.0.0.0       U     0      0        0 lo
    default         netscreen       0.0.0.0         UG    0      0        0 eth0
Any sshd messages on /var/log/messages?
Sorry, forgot to check that.

Carlos E. R. wrote:
How exactly are you testing it? Hardware, software, network setup, both sides.
I think and hope I've managed to explain this above.
I assume there are no tunnels or things involved.
There are no tunnels involved between my home PC to connect directly to my Linux workstation at my office, using port 22 forwarding from the office router/firewall to the Linux box. (OpenVpn, as mentioned, is used when connecting to the office Win2k Terminal Server with another port # forwarding.)

Rgds,
Terje
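
Added example, not part of the original message: a small Python probe that repeats the telnet-to-port-22 test from the thread and separates "no answer at all" from "connection refused" from "sshd answered", parsing a banner such as the `SSH-1.99-OpenSSH_4.2` string quoted above. The names `parse_banner`, `probe` and the file name `probe.py` are hypothetical, chosen for this example.

```python
import re
import socket
import sys

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")

def parse_banner(line):
    """Split an SSH identification string into fields; None if it is not one."""
    m = BANNER_RE.match(line.strip())
    if not m:
        return None
    proto, software, comment = m.groups()
    # RFC 4253 section 5.1: "1.99" marks a server that accepts SSH-1 and SSH-2.
    accepts = ["1", "2"] if proto == "1.99" else [proto.split(".")[0]]
    return {"proto": proto, "software": software,
            "accepts": accepts, "comment": comment}

def probe(host, port=22, timeout=5.0):
    """Make one TCP attempt and return (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout", None      # no answer at all: filtered or not forwarded
    except ConnectionRefusedError:
        return "refused", None      # host answered, nothing listens on the port
    except OSError as exc:
        return "error", str(exc)    # e.g. no route to host
    with sock:
        try:
            data = sock.recv(256)   # sshd speaks first, so just read
        except socket.timeout:
            return "no-banner", None
        except OSError as exc:
            return "error", str(exc)
    first = data.decode("ascii", "replace").split("\n")[0]
    parsed = parse_banner(first)
    return ("banner", parsed) if parsed else ("not-ssh", first)

if __name__ == "__main__":
    # Usage: python probe.py HOST [PORT]; HOST is whatever address you test.
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe(host, port))
```

A `timeout` from outside combined with a `banner` result from inside the LAN points at the router forward or a packet filter in between rather than at sshd itself.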