Hello Armin,
To connect to the remote machine I dial in via ISDN and provide static IP addresses.
This is the log from the remote machine, so "local" is actually the remote machine I connect to:

Jul 9 21:34:18 omicron ipppd[7273]: local IP address 192.168.55.100
Jul 9 21:34:18 omicron ipppd[7273]: remote IP address 192.168.55.200

This seems to work. But as soon as I try to connect via ssh

ssh -X user@192.168.55.100

I get rejected.
And the following can be found in /var/log/messages:

Jul 9 21:34:22 omicron kernel: SFW2-IN-ILL-TARGET IN=ippp0 OUT= MAC= SRC=192.168.55.200 DST=192.168.55.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48935 DF PROTO=TCP SPT=1032 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A01E052360000000001030302)

On the remote machine I have set up the firewall2 via yast, IP Forwarding is activated and I allow for ssh.

omicron:~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.55.200  0.0.0.0         255.255.255.255 UH    0      0        0 ippp0
192.168.55.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.55.200  0.0.0.0         UG    0      0        0 ippp0
omicron:~ #

OK, now we need to know the interface variables of the firewall FW_DEV_EXT, FW_DEV_INT, FW_DEV_DMZ
Here are my values:

FW_DEV_EXT="ippp1 ippp1 ippp1"
FW_DEV_INT="eth-id-00:e0:81:20:30:04 ippp0"
FW_DEV_DMZ=""

While I checked the system I had to realize that the firewall is totally shut off, so the route -n is from the system with no firewall... (That there is no fw is not a nightmare, since there is no connection to the world besides the dial-in and no critical data is (until now) available.) Since I am now really remote I can switch the fw on, but if the test fails... I need to travel :-)

I don't know where the second eth0 comes from (there are two cards in the machine but one is deactivated) and I do not know where this IP address 169.254.0.0 comes from -- can I get rid of it??? How? Sorry, this is a dummy question. I found some info in the man pages, but being remote I am afraid to fiddle around.

Thanks a lot,
Michael