* Lew Wolfgang
On 04/02/2019 06:24 PM, Patrick Shanahan wrote:
Oh, are you running ipv6?
it is enabled but not knowing enough about ipv6, I use ipv4 for internal net commands.
I mentioned ipv6 because I've seen rogue router announcements siphon off traffic to bit-buckets. For example, users used to be able to turn on Internet Connection Services (ICS) on Windows boxes, which allowed the boxes to advertise themselves as v6 routers. But the packets would just disappear. This manifested itself as failed ssh connections. ssh tries v6 addresses first, falling back to v4 if the server rejects the v6. But the rejects would never return with a bogus router on the subnet. In this case, "ssh -4 hostname" would work. I don't think this is your problem though.
with server firewall up, ssh -4 from server to workstation and reverse both fail.
Of course, things become more complicated if Windows are involved. All the machines are running Linux, right?
there are windows machines on the net but not involved. afaics the *only* difficulty is between workstation 192.168.1.10 and the server 192.168.1.3 and stopping the server firewall allows ssh from workstation to succeed.
So try an nmap from client to the server, once with the server's firewall on, and once with it off. If nmap shows port 22 open with the firewall on, but "telnet 192.168.1.10 22" fails, then you've got a really interesting problem! You might also try "ssh -v 192.168.1.10" and see if you can find where it's failing. You could try this both from a working client, and the bad one.
see other mail
Could the server's firewall, which apparently has multiple Ethernet ports, be forwarding traffic off-network? Maybe just return packets? Some kind of a loop? What does "ip addr" and "ip route" have to say?
# ip addr
1: lo:
When all else fails, maybe it's time to break out tcpdump or wireshark to see exactly what's coming and going.
Carlos also has a point about the wahoo.no-ip.org name resolution. What does your /etc/resolv.conf look like? And /etc/hosts?
### /etc/resolv.conf file autogenerated by netconfig!
#
# Before you change this file manually, consider to define the
# static DNS configuration using the following variables in the
# /etc/sysconfig/network/config file:
#     NETCONFIG_DNS_STATIC_SEARCHLIST
#     NETCONFIG_DNS_STATIC_SERVERS
#     NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
#     NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
# Note: Manual change of this file disables netconfig too, but
# may get lost when this file contains comments or empty lines
# only, the netconfig settings are same with settings in this
# file and in case of a "netconfig update -f" call.
#
### Please remove (at least) this line when you modify the file!
search attlocal.net wahoo.no-ip.org
nameserver 156.154.70.1
nameserver 8.8.4.4
nameserver 64.94.33.33

#
# hosts         This file describes a number of hostname-to-address
#               mappings for the TCP/IP subsystem. It is mostly
#               used at boot time, when no name servers are running.
#               On small systems, this file can be used instead of a
#               "named" name server.
# Syntax:
#
# IP-Address  Full-Qualified-Hostname  Short-Hostname
#
127.0.0.1       localhost
# special IPv6 addresses
::1             localhost ipv6-localhost ipv6-loopback
fe00::0         ipv6-localnet
ff00::0         ipv6-mcastprefix
ff02::1         ipv6-allnodes
ff02::2         ipv6-allrouters
ff02::3         ipv6-allhosts
108.246.209.12  wahoo.no-ip.org paka
192.168.1.3     wahoo.wahoo.no-ip.org wahoo
192.168.1.2     toshiba.wahoo.no-ip.org toshiba
192.168.1.100   Carolyn.wahoo.no-ip.org Carolyn
192.168.1.101   acer.wahoo.no-ip.org acer
192.168.1.5     dell.wahoo.no-ip.org dell
192.168.1.8     crash2.wahoo.no-ip.org crash2
192.168.1.10    Crash.wahoo.no-ip.org Crash

the current hosts/resolv.conf have worked properly for years...
tks,
--
(paka)Patrick Shanahan    Plainfield, Indiana, USA    @ptilopteri
http://en.opensuse.org    openSUSE Community Member    facebook/ptilopteri
Registered Linux User #207535    @ http://linuxcounter.net
Photos: http://wahoo.no-ip.org/piwigo    paka @ IRCnet freenode
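
Added example, not part of the original thread: a small probe that runs the "ssh -4" versus IPv6 comparison and the firewall on/off check discussed above as one test per address family, separating a port that answers with a reject from one where nothing comes back at all. The function names, the 3 second timeout and the default target are assumptions made for this illustration.

```python
import errno
import socket
import sys


def probe(host, port, family, timeout=3.0):
    """Classify one TCP connect attempt restricted to a single address family.

    'open'        handshake completed
    'refused'     a reject (RST) came back, so the path works in both directions
    'filtered'    nothing came back before the timeout (DROP rule, or a
                  router that silently swallows the packets)
    'unreachable' the local stack or a router reported no route
    'no-address'  the name has no address in this family
    """
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return "no-address"
    if not infos:
        return "no-address"
    fam, kind, proto, _, sockaddr = infos[0]
    try:
        with socket.socket(fam, kind, proto) as s:
            s.settimeout(timeout)
            s.connect(sockaddr)
            return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as e:
        if e.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))


def compare_families(host, port=22, timeout=3.0):
    """Probe the same service over IPv4 and IPv6 and return both verdicts."""
    return {
        "ipv4": probe(host, port, socket.AF_INET, timeout),
        "ipv6": probe(host, port, socket.AF_INET6, timeout),
    }


if __name__ == "__main__":
    # Default target is an assumption; pass the server name or address instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for fam, state in compare_families(target).items():
        print(f"{target} port 22 over {fam}: {state}")
```

Run it from the client once with the server firewall up and once with it down. "filtered" over IPv6 next to "open" over IPv4 is the pattern a black-holing v6 router produces, while "filtered" over IPv4 that turns "open" when the firewall stops points at the firewall rules.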