Hi Terje,

On Sunday 15 October 2006 17:53, Terje J. Hanssen wrote:
> I'm new to SuSEfirewall2 and I'm struggling to get access to my openSUSE 10.1 workstation from remote locations. The purpose is to run NX server/clients and SSH in the first phase. So far port 22 of my network router is directed to the SuSE workstation, and I've tried with YaST to enable the ssh service in the firewall. But the workstation doesn't seem to respond on remote ssh commands.
>
> Looking in /etc/sysconfig/SuSEfirewall2 the following are set:
>
> FW_SERVICES_EXT_TCP="microsoft-ds netbios-ssn ssh"
> FW_SERVICES_EXT_UDP="netbios-dgm netbios-ns"
>
> I'm not sure about use of required zones EXT, INT and/or DMZ? In YaST2 I could neither see a way to set both "ssh 22" as commented in the config.file?
>
> Suggestions to how to do this and to what is the preferred way to test the settings, locally and from remote?

Is the workstation connected to the internet? If not, try to disable the firewall: As root enter

    rcSuSEfirewall2 stop

Then try to ping the workstation from another computer in your network

    ping <IP address of workstation>

If this works well, the network connection to your workstation is ok and you can proceed further. If not, you will have to check your routing.

If your workstation is connected to the internet, you will probably want to remove the entries for microsoft-ds, netbios-dgm and netbios-ns from FW_SERVICES_EXT_*. Otherwise you would allow anybody access to a SAMBA server on your workstation which is probably not a good idea. The lines should read

    FW_SERVICES_EXT_TCP="ssh"
    FW_SERVICES_EXT_UDP=""

to allow ssh access only.

Next step would be to check whether the SSH daemon is running at all. As root at the workstation enter

    rcsshd status

If it is not 'running' try to start it with

    rcsshd start

Check for any error messages here.

If the service is running or can be started, try from another computer to access your workstation. telnet might be a good program to try:

    telnet <IP address of your workstation> 22

You should get at least some message from the SSH daemon. If this also works, you can try the SSH program to connect to your workstation. If you run it on Linux, add parameter -vv to get some information about what happens during start of connection. Also have a look into /var/log/messages and check whether the SSH daemon complains about something.

If a remote ssh connection does not work, try it from the workstation itself:

    ssh localhost

Does this work or do you get any error messages?

Bye,
Jürgen
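
The advice in the reply to drop the Samba-related entries from FW_SERVICES_EXT_* can be checked mechanically. The shell functions below are an added example, not part of the original mail; the function names, the variable `SMB_SERVICES` and the sample file are constructed for illustration, and only service names and single port numbers are matched.

```shell
#!/bin/sh
# Added example: flag Samba/NetBIOS services opened in the SuSEfirewall2
# external zone. Function names and the sample file are constructed.

# Service names and their well-known port numbers, matched as whole words.
SMB_SERVICES="microsoft-ds 445 netbios-ssn 139 netbios-ns 137 netbios-dgm 138"

# Print the value of VAR="..." from a sysconfig file without sourcing it.
# Commented-out lines are skipped; the last assignment wins, as in the shell.
get_sysconfig_value() {   # $1 = file, $2 = variable name
    sed -n 's/^[[:space:]]*'"$2"'="\{0,1\}\([^"#]*\)"\{0,1\}.*/\1/p' "$1" | tail -n 1
}

# Print one "PROTO/service" line per Samba-related entry in the external zone.
# Empty output means nothing Samba-related is exposed there.
audit_ext_services() {    # $1 = path to the SuSEfirewall2 sysconfig file
    for audit_proto in TCP UDP; do
        for audit_svc in $(get_sysconfig_value "$1" "FW_SERVICES_EXT_$audit_proto"); do
            case " $SMB_SERVICES " in
                *" $audit_svc "*) echo "$audit_proto/$audit_svc" ;;
            esac
        done
    done
}

# Constructed sample with the settings quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# FW_SERVICES_EXT_TCP="ssh 22"
FW_SERVICES_EXT_TCP="microsoft-ds netbios-ssn ssh"
FW_SERVICES_EXT_UDP="netbios-dgm netbios-ns"
EOF
echo "Samba-related services open in the external zone:"
audit_ext_services "$sample"
rm -f "$sample"
```

On the workstation itself, call `audit_ext_services /etc/sysconfig/SuSEfirewall2`; with the two lines set as suggested in the reply it prints nothing.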