[NCLUG] setup for ssh on two nics

Kevin H. Olson k.h.olson at att.net
Thu Jan 25 14:49:37 MST 2007


I am certain this issue has been resolved before, but my ability to resolve it or find an answer using google, etc. has failed me.

I have a machine (named squidy), running Fedora Core 3, with two NIC cards. One card is configured to an internal static IP address of This NIC (eth0) is used within the network for allowing ssh connections for maintenance. This machine/nic has some public services on non-standard ports (e.g., 8443, 7101) that are forwarded from a firewall (FW-A; public IP to this nic. These services all work fine, and moving them would be a bit painful.

The other card (eth1) is configured to, and is connected to the internet address of through a different firewall (FW-B) that forwards port 22 to that second local IP address.

What I need is for the eth0 to accept ssh from the local network and respond on that network. I need eth1 to accept ssh from the forwarded port and to answer back on that port. The other services using eth0 use the main gateway that is at

I have a limited number of external addresses that may connect to the address, so I thought I could just use specific routes. I added one of the addresses (the 71... below) to the routing table.

>route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                UGH   0      0        0 eth1
                                                UG    0      0        0 eth0
                                                U     0      0        0 eth1
                                                U     0      0        0 eth0
                                                U     0      0        0 eth1
                                                UG    0      0        0 eth0

There is one machine that is supposed to be able to connect via ssh on 

(note: the net is a VPN network using OpenVPN).

I have made sure that the iptables is set properly to accept the connection. I added logging to the iptables as well. When a connection is made from the 71.237... address, it shows in the log file, but there is no response from the sshd. 

I set the ip_forward in the kernel to 1:
>cat /proc/sys/net/ipv4/ip_forward

The sshd_config is not set to a specific address.

Do I need to have two separate sshd processes listening to the different IP addresses? Is there something specific about the routing I am missing? The sshd works perfectly within the network, and over the OpenVPN. The external access to ssh that is coming in on eth1 seems to connect, but nary a response is given, and nothing is shown in the /var/log/secure.

Any guidance in this matter is appreciated.
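The symptom described above (the SYN is logged by iptables on eth1, sshd never appears to answer, nothing in /var/log/secure) is what asymmetric routing looks like on a multi-homed host: the kernel accepts the packet on eth1 but sends the reply out via the single default gateway on eth0, so FW-B never sees it. A second sshd is not needed; what is needed is a source-based routing rule so anything sourced from eth1's address leaves via FW-B. The following is an added example, not from the original post or the list, using iproute2; the addresses and table number are constructed placeholders because the post's real addresses are not preserved here.

```shell
#!/bin/sh
# Added example (not from the original post): make replies to connections that
# arrived on eth1 go back out through FW-B instead of the eth0 default gateway.
# The post's real addresses were not preserved, so these are constructed placeholders.
ETH1_IP="${ETH1_IP:-192.0.2.10}"   # placeholder: eth1's local address
FWB_GW="${FWB_GW:-192.0.2.1}"      # placeholder: FW-B's inside address on the eth1 segment
TABLE="${TABLE:-100}"              # private routing table number for eth1-sourced traffic

# Emit the iproute2 commands. Kept separate from execution so they can be reviewed
# (or tested) without root: a second default route lives in TABLE, and a policy
# rule sends anything sourced from ETH1_IP to that table. The main table is
# untouched, so the services on eth0 keep using the FW-A gateway.
policy_route_cmds() {
    cat <<EOF
ip route add default via $FWB_GW dev eth1 table $TABLE
ip rule add from $ETH1_IP/32 table $TABLE priority 1000
ip route flush cache
EOF
}

# Apply the commands (needs root); stops at the first failing command.
apply_policy_routing() {
    policy_route_cmds | while IFS= read -r cmd; do
        $cmd || return 1
    done
}

# Verification: both the rule and the extra table should be visible afterwards.
show_policy_routing() {
    ip rule show
    ip route show table "$TABLE"
}

# Uncomment to apply on the host:
# apply_policy_routing && show_policy_routing
```

Note that net.ipv4.ip_forward is not involved: the host is answering for itself, not forwarding, so leaving it at 0 is fine unless something else on the box routes.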


