Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
i want to connect 2 physical computers from one network through SSH.
So far my experience with SSH was between computer and VM set up on the same computer.
Process was simple - getting 'openshh server', running it, finding ip adress through 'ip addr', connecting through 'ssh name@adres'. Computers were talking though each other, which i could check through 'ping address'.
Now i want to connect 2 physical computers,
the connection looks like Computer1 - router1 - router2 - Computer2,
I can see address of Computer2 at eth0 on its screen.
Although when using 'ping computer2adress' i see nothing but
Code:
$ ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
From nnn.mmm.ccc.dd cmp_seq=146 Destination Net Unreachable
is there any trick i should know when connecting though routers, that now is blocking me?
Most Linux distros have built in firewall features (e.g. iptables and/or firewalld). You'd need to be sure you're allowing the source IP permission to ICMP and tcp port 22 in the destination's firewall.
Additionally, some routers (especially those used at home) have built in firewall features. You'd need to open ICMP between the computers to allow for ping to work. You'd need to open TCP port 22 (assuming you're using the default) for ssh to work between to the two.
Last edited by MensaWater; 05-03-2019 at 12:51 PM.
Maybe a problem with the routing on computer1? Can't be sure 'cause you obfuscated the source IP address.
Why are there two routers in your network? Are they on the same subnet? Can you ping them both from computer1?
Inter-computer communication via ssh is not different for "real" hardware vs VM (I don't think)...I have several 'puters on one router and no problem "ssh'ing" between them.
Hehe all those things are quite new for me,
so it will take time for me to figure all those things out,
but with will, step by step, and you it may end successfully,
thanks for the whole support,
1. port 22 / SSH
after many trails and errors and different webages (f.e. LQ post from 15 years ago) i found this
3. to check if i can ping any of those routers i made research and read about ip r command
Code:
$ ip r
default via 192.168.0.1 dev eth0 proto static metric 100
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.103 metric 100
mq@mx:~
$ ping 192.168.0.0
Do you want to ping broadcast? Then -b. If not, check your local firewall rules.
mq@mx:~
$ ping -b 192.168.0.0
WARNING: pinging broadcast address
PING 192.168.0.0 (192.168.0.0) 56(84) bytes of data.
--- 192.168.0.0 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6146ms
broadcast mean all devices in a network is it? So no response from any device.
(Computer2 have MX Linux, and have firewall on) (it is a good question if router 1 or router2 have firewalls (i know they dont have VPN for now), i will check it out)
4. I will work now on forwarding and other paths that you mentioned,
i really appreciate your all help, and what this community is giving me,
by tirelessly answering all my questions for last weeks
and there is section "Forwarding>>Virtual Server" which gave me option to "add new"
So I add one, and outcome is here
Code:
Virtual Server
Service Port IP Address Internal Port Protocol Status Edit
22 192.168.0.103 22 TCP or UDP Enabled Edit
Actually i wonder what IP Address i should put there, this above is from Computer1 (made on router1)
another question would be,
if router1 have http://192.168.0.1/, how can i check from computer1 ip adress of router2 (which is at computer2)? (any ifconfig or other netstat adress magic?)
Are the router's connected to the internet or is this a lab setup?
If you know the password you can login to the router and find its addresses. A router will have two IP addresses, The LAN which will be a private class typically 192.168.x.y and its WAN or internet address which is normally configured by DHCP from the internet service provider for the home network.
When connecting to computer 2 you would use the router's WAN IP address not the private IP address.
router1 is 192.168.0.1, router2 is 192.168.1.1 (lan) 192.168.0.2 (wan)
all devices connected to router1 are 192.168.0.*
all devices connected to router2 are 192.168.1.*
router2 settings
================
router2 - IPs are
Lan : 192.168.1.1
Wan : 192.168.0.2
computer2 - DHCP server settings are on,
and first address is 192.168.1.100 - which is assigned to computer2.
pinging yes
===========
From computer2 terminal i can ping all involved parties (and some more)
Code:
64 bytes from 192.168.0.1: icmp_seq=1 ttl=63 time=2.56 ms << that is router1
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.183 ms << that is router2 wan
64 bytes from 192.168.0.100: icmp_seq=1 ttl=63 time=0.439 ms << that is computer1
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.265 ms << that is router2 lan
64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.089 ms << that is computer2
From computer1 terminal i can ping less
Code:
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=1.18 ms << router1
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.968 ms << router2 wan
64 bytes from 192.168.0.100: icmp_seq=1 ttl=64 time=76.6 ms << computer1
Summary
=======
I cannot see any device connected to router2 (lan, wan, fiwi) from computer1,
so it has to be a router thing is it?
You wrote
"When connecting to computer 2 you would use the router's WAN IP address not the private IP address."
yes but... isnt it that WAN IP is just for router (as described before)?
With WAN delivered above i can connect to the router not the computer2 as such, am i?
well they are not - router2 is 192.168.1.1 (lan) 192.168.0.2 (wan)
(router1 is a gate to internet)
Quote:
The wan IP address can not be the same.
what do you mean by that? Is it a statement, that those are my wan addresses?
Quote:
Router 1 wan 192.88.89.1/24
Router 2 wan 192.88.89.2/24
In the router1 settings,
its WAN is displayed in of Range 10.0.0.0 - 10.255.255.255 as Class A network, differently than WAN Router2 which is Class D
Quote:
Computer 1 gateway set for 192.168.0.1
ssh user@192.88.89.2
NAT
===
why the NAT came into play right now?
Without waiting for answer
Ive checked router configurations, NAT is enabled in settings.
Quote:
One of the functions of s NAT router is to isolate LAN from the Internet.
Questions
=========
how is that, that i can ping computer1 from computer2 but not other way around?
Can it have something in common with port 22 or other open/close?
Probably not, since pinging is not connecting through SSH.
How is that,
that from Computer2 i can connect to router1 and router2
but from Computer1 i can connect just to router1 (not to router2)
Is there anything i should check in the first place on both computers,
which can solve this connecting problem / that computer dont see eachother
Visible Outputs
===============
tests performed on computer2 by commands mentioned below, are giving me different amount of visible outputs.
nast (2 outputs)
arp (3 outputs)
arp-scan (3 outputs)
nmap (5 outputs)
Because of how NAT works you can ping the internet from inside your LAN but you can not do the reverse. Same holds true for computer 2 i.e. you ping computer 1 and router 1 but computer 1 can not ping computer 2.
Since you can ping computer 1 from computer 1 you should be able to login via ssh to computer 1 without any addition configuration of either router.
To login to computer 2 from computer 1 you will need to forward ssh to the computer 2 IP address in router 2. Then the command is
ssh user@192.168.0.2
I took computer2 and router2 to place where computer1 and router1 are,
to be able to freely jump between them.
Here are 2 screens, two units to, two routers, two mouses and two keyboards, we have kind of LAN party around, and we (me and all other eventual LAN party members) enjoy it so far.
on both machines
Code:
$ sudo service ssh status
[sudo] password for mq:
[ ok ] sshd is running.
give me +, all good
being on computer2,
I can connect with IP address to router1 and router2,
i can ping computer1 but by
Code:
ssh user@address
ssh: connect to host address port 22: Connection timed out
being on computer1
i cannot ping router2, i cannot connect to router2 (yes: WAN address),
i cannot ssh user_comp2@comp2_addr
Firewall has to be strong here!
Is there any trick with Forwarding i should know about?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.