Terje J. Hanssen wrote:
> At my office, I'm not quite sure if SuseFirewall really is required on my Linux workstation there, as we have a separate NetScreen router with a built-in firewall to protect our Internet connection (cable modem now, to be replaced with ADSL soon).
Absolutely required, perhaps not, but suggested, I would. Even if the router's firewall protects you from the Internet, SuSEfirewall2 would protect from the LAN.
> The router port 22 and ssh service is forwarded now to the Linux workstation.
Which should work with no problems. I've done that a few times. Since this opens ssh up to the Internet, I would suggest locking it down to only key authentication (not password).
> What do you think, is SuseFirewall2 really needed for ssh/NX, though yet, it does of course not harm if I get it to work?
And it is not hard to configure in your situation. Everything in your case is configured on the external interface. You have no internal LAN, no need to forward or NAT, etc. You only need to decide which ports to open, which you have already done.
> From Windows on my homePC
> D:\>ping 1.2.3.4
> ...no response ...request quitted
Did you allow ping (ICMP) on your firewall? This could and probably is blocked for the external interface on your SuSEfirewall2.
> Microsoft Telnet> open 1.2.3.4 22
> Connect to 1.2.3.4 ..... Cannot open connection to server on port 22: Cannot connect
Use PuTTY instead of telnet. I think this is because of the program.
> The same happens also booting Linux on my home PC. Tried also with ssh:
> terje@dhcppc1:~> ssh -vv 1.2.3.4 22
> OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
Is your username the same on both boxes? You should use
ssh (-X to forward X programs) user@IP
If you want to give a port, it uses -p option, but since you are using port 22, no need.
> If I try internal from my office Win2kTS both, independent of local or remote RDP logins to it:
> C:\> ping ip_linux_ws ....responded ok
> C:\> ping hostname_linux_ws ....responded ok
Then the router is not forwarding the ICMP packets.
> Well, in the YaST network configuration routing part, I entered our private ip_router_ address as standard system port. Then the access to Internet worked ok from the Linux workstation. Beside I use /etc/hosts and fixed (private) ip, and have added our domain name and DNS ip there.
Doesn't your router do DHCP? This manual config sounds confusing to me. But if you have forwarded port 22 on your router to the IP of your Linux box, sshd is started, and port 22 is open on your ext interface in your firewall, it should work.
> # route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 1.2.3.0         *               255.255.255.0   U     0      0        0 eth0
> link-local      *               255.255.0.0     U     0      0        0 eth0
> loopback        *               255.0.0.0       U     0      0        0 lo
> default         netscreen       0.0.0.0         UG    0      0        0 eth0
This doesn't look right. The gateway should be the IP of your router, not netscreen.
BTW, you only need to reply to the security list. We are all subscribed and will get your reply there.
--
Joe Morris
Registered Linux user 231871
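Added example, not part of the original message or the posters' own code: a shell check for the "only key authentication (not password)" advice in the reply above. It assumes only the global section of an sshd_config matters (it stops at the first Match block) and that the three keywords default to yes when absent; the function names and both sample configs are constructed here.

```sh
#!/bin/sh
# Added example: does an sshd_config enforce key-only logins?
# Assumptions: only the global section is read (stop at first Match block);
# a missing keyword takes the OpenSSH default passed in by the caller.

# Print the effective value of keyword $1 in file $2, or default $3.
# sshd keeps the FIRST value seen for a keyword; keywords are case-insensitive.
sshd_value() {
    awk -F'[ \t=]+' -v want="$1" -v def="$3" '
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace
        /^(#|$)/ { next }                       # comments and blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$2"
}

# Return 0 only if public keys are accepted and no password path remains.
audit_key_only() {
    cfg=$1; rc=0
    [ "$(sshd_value PubkeyAuthentication "$cfg" yes)" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is disabled"; rc=1; }
    [ "$(sshd_value PasswordAuthentication "$cfg" yes)" = no ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; rc=1; }
    # Keyboard-interactive can still ask for a password through PAM.
    # Newer OpenSSH releases name this keyword KbdInteractiveAuthentication.
    [ "$(sshd_value ChallengeResponseAuthentication "$cfg" yes)" = no ] ||
        { echo "FAIL: ChallengeResponseAuthentication is not 'no'"; rc=1; }
    return "$rc"
}

# Constructed sample configs. In the weak one the later "no" is ignored
# because an earlier line already set the keyword.
weak_cfg() {
    printf '%s\n' '# constructed sample' 'Port 22' \
        'passwordauthentication yes' 'PasswordAuthentication no'
}
hard_cfg() {
    printf '%s\n' 'Port 22' 'PubkeyAuthentication yes' \
        'PasswordAuthentication no' 'ChallengeResponseAuthentication no'
}

tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT
weak_cfg > "$tmp"; audit_key_only "$tmp" || echo "weak sample: password login possible"
hard_cfg > "$tmp"; audit_key_only "$tmp" && echo "hardened sample: key-only"
```

Point `audit_key_only` at a copy of the real /etc/ssh/sshd_config before exposing port 22 through the router; `sshd -t` still has to confirm the file parses.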