Terje J. Hanssen wrote:
Richard Ems wrote:
I would suggest you use tcpdump and sniff on the NIC to see if ssh packets are arriving at all at your workstation.
tcpdump -i eth0 port ssh
will write to the console all ssh packets seen on eth0. Or if you like GUIs try ethereal.
See "man tcpdump".
First, after entering the above command on the local host (alfa, Linux), is it possible to connect back again to the local host using ssh through the router's (netscreen) external ip address, i.e. something similar to
ssh 1.2.3.4 22
Sure, tcpdump just shows you tcp/udp packets arriving at the selected interface; it doesn't block or stop anything. If ssh works, it will work with and without tcpdump running! Again, READ the manual page!
or possibly log this using another command?
Isn't there any log file from/for the SuseFirewall2 that tells if and which communication attempts (type) have occurred or have been rejected? Or is this only logged for each service type like already mentioned for ssh in /var/log/messages?
Yes, but using tcpdump is the way to go! Try it!
See parameters FW_LOG_[AD]* in /etc/sysconfig/SuSEfirewall2.
Setting the firewall to log all packets will create really big logfiles!

# grep -B10 "^FW_LOG_[AD]" /etc/sysconfig/SuSEfirewall2
#
# 16.)
# Which logging level should be enforced?
# You can define to log packets which were accepted or denied.
# You can also the set log level, the critical stuff or everything.
# Note that logging *_ALL is only for debugging purpose ...
#
# Choice: "yes" or "no", if not set FW_LOG_*_CRIT defaults to "yes", and
# FW_LOG_*_ALL defaults to "no"
#
FW_LOG_DROP_CRIT="yes"

## Type: yesno
## Default: no
#
FW_LOG_DROP_ALL="no"

## Type: yesno
## Default: yes
#
FW_LOG_ACCEPT_CRIT="yes"

## Type: yesno
## Default: no
#
FW_LOG_ACCEPT_ALL="no"
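
Added example, not part of the original thread: with the FW_LOG_* settings above writing to /var/log/messages, a small filter can summarise which sources tried the ssh port and what the firewall did with them. The sample lines are constructed, and the "SFW2-...-DROP" / "SFW2-...-ACC" log prefixes are an assumption about how SuSEfirewall2 tags its entries.

```shell
#!/bin/sh
# Summarise firewall log entries for one TCP destination port (default 22).
# Expects syslog lines in the netfilter LOG key=value format (SRC= DPT= PROTO=).

# Constructed sample lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Mar  1 10:00:01 alfa kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN
Mar  1 10:00:04 alfa kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN
Mar  1 10:00:09 alfa kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 TTL=57 PROTO=TCP SPT=51514 DPT=22 SYN
Mar  1 10:00:12 alfa kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 LEN=60 TTL=49 PROTO=TCP SPT=33000 DPT=23 SYN
Mar  1 10:00:15 alfa sshd[2211]: Accepted publickey for user from 198.51.100.7 port 51514 ssh2
EOF
}

# ssh_attempts [port]: reads log lines on stdin, prints "VERDICT SRC COUNT".
ssh_attempts() {
    port="${1:-22}"
    awk -v port="$port" '
        / SFW2-/ {                      # firewall entries only (assumed prefix)
            verdict = "OTHER"
            if ($0 ~ /SFW2-[A-Za-z]*-DROP/)     verdict = "DROP"
            else if ($0 ~ /SFW2-[A-Za-z]*-ACC/) verdict = "ACCEPT"
            src = ""; dpt = ""; proto = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)        src = substr($i, 5)
                else if ($i ~ /^DPT=/)   dpt = substr($i, 5)
                else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            if (proto == "TCP" && dpt == port) count[verdict " " src]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# On a real host: ssh_attempts 22 < /var/log/messages
sample_log | ssh_attempts 22
```

If this reports nothing for port 22 while an outside connection is being attempted, the packets are either not reaching the host at all (which the tcpdump check shows) or are being handled by a rule that is not logged at the current FW_LOG_* level.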