[opensuse] ssh problem from remote LAN
Hello,

Set up a SLES 10 server and although I can ssh to it from any box on the local LAN I can't get to it from a remote LAN even though I can ssh to any other box on the local LAN via ssh. All of the other servers are running Suse 9.1 to Suse 10, while the one I can't connect to remotely is running SLES 10.

The sshd_config is identical to the other servers and the firewall is off. Nmap results show that the ssh port on the SLES 10 server is appearing as filtered from the remote network and open from the local LAN. Only the SLES 10 box has this behavior. Any ideas?

~~~ Local LAN - 192.168.0.0 to SLES 10 server on 192.168.0.0 ~~~

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2007-01-30 10:04 PST
Interesting ports on 192.168.0.6:
(The 1656 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
111/tcp   open  rpcbind
389/tcp   open  ldap
427/tcp   open  svrloc
631/tcp   open  ipp
888/tcp   open  accessbuilder
10000/tcp open  snet-sensor-mgmt

~~~ Remote LAN - 192.168.1.0 to SLES 10 server on 192.168.0.0 ~~~

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.0.6):
(The 1594 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     filtered    ssh
111/tcp    open        sunrpc
389/tcp    open        ldap
427/tcp    open        svrloc
631/tcp    open        ipp
888/tcp    open        accessbuilder
10000/tcp  open        snet-sensor-mgmt

~~~ Remote LAN - 192.168.1.0 to Suse 10 server on LAN 192.168.0.0 ~~~

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.0.44):
(The 1593 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
111/tcp    open        sunrpc
139/tcp    open        netbios-ssn
445/tcp    open        microsoft-ds
631/tcp    open        ipp
888/tcp    open        accessbuilder
5432/tcp   open        postgres
10000/tcp  open        snet-sensor-mgmt

Thank you in advance,

James
On Tuesday 30 January 2007, James D. Parra wrote:
Hello,
Set up a SLES 10 server and although I can ssh to it from any box on the local LAN I can't get to it from a remote LAN even though I can ssh to any other box on the local LAN via ssh. All of the other servers are running Suse 9.1 to Suse 10, while the one I can't connect to remotely is running SLES 10.
The sshd_config is identical to the other servers and the firewall is off. Nmap results show that the ssh port on the SLES 10 server is appearing as filtered from the remote network and open from the local LAN. Only the SLES 10 box has this behavior. Any ideas?
Since you seem to be connecting to the same port (192.168.0.6) regardless of where you attempt to connect FROM, I can only assume the machine has only a single nic. Is that right? Therefore, a connection to that nic from a local machine is going to the same port as a connection from another lan.

It seems to me that the firewall is not really off, or that there is a subnetting mask error such that packets can't get back from 192.168.0.6.

--
_____________________________________
John Andersen
On Tue January 30 2007 13:28, James D. Parra wrote:
Hello,
Set up a SLES 10 server and although I can ssh to it from any box on the local LAN I can't get to it from a remote LAN even though I can ssh to any other box on the local LAN via ssh. <snip>
Hi James,

After mulling your post over since yesterday, the thought occurred to me that you might be troubleshooting the wrong device. Is it possible the router connecting the local LAN to the Internet has previously been configured to enable port-forwarding to the other clients?

regards,

Carl
From: "Carl Hartung"
On Tue January 30 2007 13:28, James D. Parra wrote: Hello,
Set up a SLES 10 server and although I can ssh to it from any box on the local LAN I can't get to it from a remote LAN even though I can ssh to any other box on the local LAN via ssh. <snip>
Hi James,
After mulling your post over since yesterday, the thought occurred to me that you might be troubleshooting the wrong device. Is it possible the router connecting the local LAN to the Internet has previously been configured to enable port-forwarding to the other clients?
regards,
Carl
I thought about that too. But, if the router is providing NAT for the LAN, then it doesn't make sense that it (a simple router) would be able to configure port forwarding of an incoming ssh request to multiple clients behind the router. Generally, the router will only port forward requests to a single machine on the LAN side. My question would be how is the router configured and how is James ssh'ing to the other machines on the LAN across the router.

My initial thoughts on the problem were a misconfigured /etc/ssh/sshd_conf; a non-running sshd on the SLES machine; or a problem with the /etc/hosts.allow or /etc/hosts.deny setup.

HTH.

--
David C. Rankin, J.D., P.E.
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com
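An added example, not part of any poster's message: a short Python script that parses the two nmap port tables posted for 192.168.0.6 and reports which ports change state between the local and remote vantage points, alongside the standard meaning of each TCP scan state. The function names are illustrative, and a port missing from a table is assumed closed, as nmap's "not shown below" summary line states.

```python
import re

# Port lines copied from the two scans of 192.168.0.6 in the original post.
LOCAL_SCAN = """\
22/tcp open ssh
111/tcp open rpcbind
389/tcp open ldap
427/tcp open svrloc
631/tcp open ipp
888/tcp open accessbuilder
10000/tcp open snet-sensor-mgmt
"""
REMOTE_SCAN = """\
22/tcp filtered ssh
111/tcp open sunrpc
389/tcp open ldap
427/tcp open svrloc
631/tcp open ipp
888/tcp open accessbuilder
10000/tcp open snet-sensor-mgmt
"""

# What each state says about where the probe stopped (standard TCP scan semantics).
MEANING = {
    "open": "SYN/ACK returned: a listener completed the handshake",
    "closed": "RST returned: host reachable, nothing listening",
    "filtered": "no reply or ICMP unreachable: packet filter or routing on the path",
}

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.I)

def parse_ports(text):
    """Return {(port, proto): state} from nmap's human-readable port table."""
    hits = (PORT_LINE.match(line.strip()) for line in text.splitlines())
    return {(int(m[1]), m[2].lower()): m[3].lower() for m in hits if m}

def diff_vantage(local, remote):
    """Return (port, proto, local_state, remote_state) for ports that differ."""
    a, b = parse_ports(local), parse_ports(remote)
    # Assumption: a port absent from a table was scanned and reported closed.
    keys = sorted(set(a) | set(b))
    rows = [(p, pr, a.get((p, pr), "closed"), b.get((p, pr), "closed")) for p, pr in keys]
    return [r for r in rows if r[2] != r[3]]

if __name__ == "__main__":
    for port, proto, sa, sb in diff_vantage(LOCAL_SCAN, REMOTE_SCAN):
        print(f"{port}/{proto}: local={sa} ({MEANING[sa]}); remote={sb} ({MEANING[sb]})")
```

Run on the posted tables, it reports only 22/tcp, open from the local LAN and filtered from the remote LAN.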