[NCLUG] setup for ssh on two nics

Kevin H. Olson k.h.olson at att.net
Fri Jan 26 08:17:28 MST 2007


Mike,

  Thank you for the information.

  I finally traced the problem to an iptables issue. I didn't include the iptables configuration in the original e-mail, but in essence I had added the lines:

-A INPUT -i eth1 -m state --state NEW -m tcp -p tcp --dport 22 --source 71.237.54.207/32 -j LOG --log-level "NOTICE" --log-prefix "[eth1 ssh] "
-A INPUT -i eth1 -m state --state NEW -m tcp -p tcp --dport 22 --source 71.237.54.207/32 -j ACCEPT

So, my original logging worked fine. Unfortunately, I neglected a very important line:
-A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

Thus, only the original packet (it appears) was being allowed through, and then dutifully logged.

Thank you for your help!

Kevin

 -------------- Original message ----------------------
From: Michael Milligan <milli at acmeps.com>
> Kevin H. Olson wrote:
> > Greetings.
> > 
> 
> [prologue deleted]
> 
> >>route -n
> > 
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 71.237.54.207   192.168.12.1    255.255.255.255 UGH   0      0        0 eth1
> > 192.168.32.0    192.168.10.102  255.255.255.0   UG    0      0        0 eth0
> > 192.168.12.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
> > 192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
> > 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
> > 0.0.0.0         192.168.10.1    0.0.0.0         UG    0      0        0 eth0
> > 
> > The 71.237.54.207 is one machine that is supposed to be able to connect via
> > ssh on 69.15.85.68.
> > 
> 
> What does tcpdump show for port 22 traffic on eth1 when you try to ssh in?
> 
> There could be any number of problems.  Based on your description of the
> setup, you shouldn't have to worry about iptables or forwarding through
> the box.  If tcpdump just shows unexpected addresses, then NAT
> (somewhere) is your problem.  If nothing (or only one direction) shows
> in the tcpdump, then routing (or firewalling via iptables) is your problem.
> 
> Regards,
> Mike
> 
> -- 
> Michael Milligan                                   -> milli at acmeps.com
> Acme Professional Services LLC                        970-581-9948
> _______________________________________________
> NCLUG mailing list       NCLUG at nclug.org
> 
> To unsubscribe, subscribe, or modify 
> your settings, go to: 
> http://www.nclug.org/mailman/listinfo/nclug
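The failure Kevin describes (first packet accepted and logged, everything after it silently dropped) is easy to reproduce without a router. The following is an added example, not code from the original thread: a small Python model of the INPUT chain with connection tracking, fed the two rules from the post with and without the ESTABLISHED,RELATED line, plus a check that flags a chain which accepts NEW flows but never accepts the packets that follow. It assumes a default INPUT policy of DROP and a simplified conntrack model (a flow becomes ESTABLISHED once its first packet has been accepted); both assumptions are marked in the code. The SSH handshake packets are constructed for the demonstration, and the destination address is only a label, since the posted rules do not match on destination.

```python
"""Model of iptables INPUT chain + conntrack state matching.

Added example (not from the NCLUG post). Assumptions not stated on the page:
  * INPUT chain policy is DROP;
  * simplified conntrack: a flow is NEW until its first packet is accepted,
    after which every later inbound packet of that flow is ESTABLISHED
    (the real kernel needs the server's reply to pass OUTPUT first).
"""
import ipaddress
import shlex
from dataclasses import dataclass

# Rules copied verbatim from the post; FIXED_RULES adds the line Kevin forgot.
BROKEN_RULES = [
    '-A INPUT -i eth1 -m state --state NEW -m tcp -p tcp --dport 22 --source 71.237.54.207/32 -j LOG --log-level "NOTICE" --log-prefix "[eth1 ssh] "',
    '-A INPUT -i eth1 -m state --state NEW -m tcp -p tcp --dport 22 --source 71.237.54.207/32 -j ACCEPT',
]
FIXED_RULES = ['-A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT'] + BROKEN_RULES


@dataclass(frozen=True)
class Packet:
    iface: str
    src: str
    dst: str
    proto: str
    dport: int
    flags: str  # TCP flags, for display only


# Constructed sample traffic: the first three inbound packets of an SSH session
# from the permitted client, followed by a probe from an unrelated host.
SSH_HANDSHAKE = [
    Packet("eth1", "71.237.54.207", "69.15.85.68", "tcp", 22, "S"),   # SYN
    Packet("eth1", "71.237.54.207", "69.15.85.68", "tcp", 22, "A"),   # ACK of SYN-ACK
    Packet("eth1", "71.237.54.207", "69.15.85.68", "tcp", 22, "PA"),  # SSH banner
]
STRANGER_SYN = Packet("eth1", "10.0.0.9", "69.15.85.68", "tcp", 22, "S")  # constructed, not permitted


def parse_rule(line):
    """Parse the subset of iptables-save syntax used in the post."""
    toks = shlex.split(line)
    rule = {"chain": None, "iface": None, "proto": None, "dport": None,
            "src": None, "states": None, "target": None}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-A":
            rule["chain"] = toks[i + 1]
        elif t == "-i":
            rule["iface"] = toks[i + 1]
        elif t == "-p":
            rule["proto"] = toks[i + 1]
        elif t == "--dport":
            rule["dport"] = int(toks[i + 1])
        elif t == "--source":
            rule["src"] = ipaddress.ip_network(toks[i + 1])
        elif t == "--state":
            rule["states"] = set(toks[i + 1].split(","))
        elif t == "-j":
            rule["target"] = toks[i + 1]
        elif t in ("-m", "--log-level", "--log-prefix"):
            pass  # match-extension name / LOG options: no effect on matching
        else:
            raise ValueError("unsupported token %r" % t)
        i += 2
    return rule


def rule_matches(rule, pkt, state):
    if rule["iface"] and rule["iface"] != pkt.iface:
        return False
    if rule["proto"] and rule["proto"] != pkt.proto:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt.dport:
        return False
    if rule["src"] is not None and ipaddress.ip_address(pkt.src) not in rule["src"]:
        return False
    if rule["states"] and state not in rule["states"]:
        return False
    return True


def run_chain(rules, packets, policy="DROP"):
    """Walk each packet through the chain; return (flags, state, verdict, logged) per packet."""
    parsed = [parse_rule(r) for r in rules]
    conntrack = set()
    trace = []
    for pkt in packets:
        flow = (pkt.src, pkt.dst, pkt.proto, pkt.dport)
        state = "ESTABLISHED" if flow in conntrack else "NEW"
        verdict, logged = policy, False
        for rule in parsed:
            if not rule_matches(rule, pkt, state):
                continue
            if rule["target"] == "LOG":
                logged = True  # LOG is non-terminating; keep walking the chain
                continue
            verdict = rule["target"]
            break
        if verdict == "ACCEPT":
            conntrack.add(flow)  # entry is only confirmed for packets that were not dropped
        trace.append((pkt.flags, state, verdict, logged))
    return trace


def missing_established_accept(rules, chain="INPUT"):
    """True when a chain accepts NEW flows but never accepts ESTABLISHED/RELATED packets."""
    parsed = [r for r in (parse_rule(x) for x in rules) if r["chain"] == chain]
    accepts = [r for r in parsed if r["target"] == "ACCEPT" and r["states"]]
    new = any("NEW" in r["states"] for r in accepts)
    established = any("ESTABLISHED" in r["states"] for r in accepts)
    return new and not established


if __name__ == "__main__":
    for name, rules in (("broken", BROKEN_RULES), ("fixed", FIXED_RULES)):
        print(name, "missing ESTABLISHED accept:", missing_established_accept(rules))
        for row in run_chain(rules, SSH_HANDSHAKE + [STRANGER_SYN]):
            print("  ", row)
```

With the broken ruleset the SYN is logged and accepted, then the client's ACK and data packets arrive as ESTABLISHED, match nothing, and fall through to the DROP policy, which is exactly the "one packet logged, no session" symptom in the post. Putting the ESTABLISHED,RELATED accept first is the usual ordering: it short-circuits the chain for the bulk of traffic, and the NEW rules below it still confine new connections to the permitted source.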
