Hi Jürgen,

Thank you for replying. I'm sitting "external" from my office network just now on my homePC running openSUSE 10.1. Therefore I cannot run all the local tests you mentioned before tomorrow internal on my office.

What I can do and have verified now is: Running openvpn and tsclient/RDP clients on my Linux homePC I can connect to my office Win2k Terminal server running openvpn. This is equivalent with the NX connection I wish to my office Linux workstation, with the exception that NX uses its embedded ssh. I'll use NX client for Linux on my home PC connecting to my office openSUSE 10.1 workstation running NX server and also use NX client for Windows on my office. But first I'll try to get a plain ssh connection to work.

Internal ping ok

Logged on my Win2kTS and started a Command terminal. Ping ok with no response problem from my networked Linux workstation, trying both its private IP (NAT) and hostname. I know also there is neither any problem to ping the opposite way to all networked hosts and printers on my office.

Internal telnet attempt

Started also a Win2kTS telnet window and tried
open internal_IP_of_Linux_host 22
which responded "SSH-1.99-OpenSSH_4.2"
entered Return then got "Protocol mismatch"

Tried also from my homePC in a terminal
telnet external_IP_of_office_router 22
but got no response

Does this say something more to possibly try?

Else, yes, my office Linux workstation is connected to Internet through a Netscreen router and firewall (gateway). I thought the entries microsoft and netbios in the config.file came from installing the Samba server, which I haven't really set up yet. Are they possibly required for Samba?

Terje

Jürgen Mell wrote:
Hi Terje,
On Sunday 15 October 2006 17:53, Terje J. Hanssen wrote:
I'm new to SuSEfirewall2 and I'm struggling to get access to my openSUSE 10.1 workstation from remote locations. The purpose is to run NX server/clients and SSH in the first phase. So far port 22 of my network router is directed to the SuSE workstation, and I've tried with YaST to enable the ssh service in the firewall. But the workstation doesn't seem to respond on remote ssh commands.
Looking in /etc/sysconfig/SuSEfirewall2 the following are set:
FW_SERVICES_EXT_TCP="microsoft-ds netbios-ssn ssh"
FW_SERVICES_EXT_UDP="netbios-dgm netbios-ns"
I'm not sure about use of required zones EXT, INT and/or DMZ? In YaST2 I could neither see a way to set both "ssh 22" as commented in the config.file?
Suggestions to how to do this and to what is the preferred way to test the settings, locally and from remote?
Is the workstation connected to the internet?
If not, try to disable the firewall: As root enter
rcSuSEfirewall2 stop
Then try to ping the workstation from another computer in your network
ping <IP address of workstation>
If this works well, the network connection to your workstation is ok and you can proceed further. If not, you will have to check your routing.
If your workstation is connected to the internet, you will probably want to remove the entries for microsoft-ds, netbios-dgm and netbios-ns from FW_SERVICES_EXT_*. Otherwise you would allow anybody access to a SAMBA server on your workstation which is probably not a good idea. The lines should read
FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_EXT_UDP=""
to allow ssh access only.
Next step would be to check whether the SSH daemon is running at all. As root at the workstation enter
rcsshd status
If it is not 'running' try to start it with
rcsshd start
Check for any error messages here. If the service is running or can be started, try from another computer to access your workstation. telnet might be a good program to try:
telnet <IP address of your workstation> 22
You should get at least some message from the SSH daemon. If this also works, you can try the SSH program to connect to your workstation. If you run it on Linux, add parameter -vv to get some information what happens during start of connection. Also have a look into /var/log/messages and check whether the SSH daemon complains about something. If a remote ssh connection does not work, try it from the workstation itself:
ssh localhost
Does this work or do you get any error messages?
Bye, Jürgen
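
The telnet test discussed in this thread, as an added shell example that is not part of the original messages: it probes the SSH port and maps the three possible outcomes (banner, refusal, no response) to the next check. The function names `probe` and `diagnose` are hypothetical, and the script assumes `bash` and coreutils `timeout` are installed.

```shell
#!/bin/sh
# Added example: interpret the result of probing an SSH port.

# probe HOST [PORT]: print the first line the server sends.
# Exit status: 0 = got a line, 124 = timed out, anything else = connect failed.
probe() {
    timeout 5 bash -c \
        'exec 3<>"/dev/tcp/$1/$2" && IFS= read -r l <&3 && printf "%s\n" "$l"' \
        _ "$1" "${2:-22}" 2>/dev/null
}

# diagnose STATUS BANNER: map a probe result to the next thing to check.
diagnose() {
    status=$1
    banner=$(printf '%s' "$2" | tr -d '\r')   # telnet-style CR is not part of the banner
    case "$status" in
        0)   ;;
        124) echo "timeout: no reply; check firewall rules and router port forwarding"
             return ;;
        *)   echo "refused: no listener or connection rejected; check 'rcsshd status'"
             return ;;
    esac
    # Identification string is SSH-<protoversion>-<softwareversion> (RFC 4253, 5.1);
    # protoversion 1.99 means the server accepts both SSH-1 and SSH-2 clients.
    case "$banner" in
        SSH-1.99-*) echo "sshd reachable: ${banner#SSH-1.99-} (offers SSH-1 and SSH-2)" ;;
        SSH-2.0-*)  echo "sshd reachable: ${banner#SSH-2.0-} (SSH-2 only)" ;;
        SSH-1.*)    echo "sshd reachable: ${banner#SSH-*-} (SSH-1 only)" ;;
        *)          echo "port open but not an SSH banner: $banner" ;;
    esac
}

# Usage: sh sshprobe.sh <host> [port]
if [ "$#" -gt 0 ]; then
    banner=$(probe "$@"); status=$?
    diagnose "$status" "$banner"
fi
```

A banner followed by "Protocol mismatch" after pressing Return is the daemon rejecting the empty line as a client identification string, so it indicates a working sshd rather than a fault.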