LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Old 09-20-2010, 08:42 PM   #16
jacques83 (Original Poster)
Code:
aj@aj-laptop:~$ ssh root@192.168.30.41
ssh: connect to host 192.168.30.41 port 22: No route to host
aj@aj-laptop:~$
 
Old 09-20-2010, 09:39 PM   #17
win32sux
I've added CODE tags to your post in order to add readability.

Going forward, please use CODE tags on your own.

Quote (originally posted by jacques83):
Code:
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        3   180 NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
3        0     0 ACCEPT     all  --  eth0   eth2    0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     all  --  eth2   eth0    0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
5        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
6        3   180 ACCEPT     all  --  eth2   eth0    0.0.0.0/0            10.1.1.2            state NEW 
7        0     0 ACCEPT     all  --  eth0   eth2    10.1.1.2             0.0.0.0/0           state NEW
Well, the policy isn't getting hit so that's good. The rule which allows the handshake to start is getting hit, which is good too. No packets in state ESTABLISHED seem to be passing through here, though, which is bad.

Quote:
Code:
root@r-4-TEST:~# iptables -nvL -t nat --line-numbers
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    60 DNAT       all  --  eth2   *       0.0.0.0/0            192.168.30.41       to:10.1.1.2 

Chain POSTROUTING (policy ACCEPT 1 packets, 60 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 SNAT       all  --  *      eth2    0.0.0.0/0            0.0.0.0/0           to:192.168.30.45 
2        0     0 SNAT       all  --  *      eth2    10.1.1.2             0.0.0.0/0           to:192.168.30.41
The first POSTROUTING rule conflicts with the second one. That is, packets exiting eth2 will get their source address changed to 192.168.30.45, regardless (the 192.168.30.41 rule doesn't stand a chance). To fix that, just invert the rule order. But still, that doesn't seem to be the underlying cause of your issue, since neither rule is getting hit.

I must ask: Are you sure that the SSH box (10.1.1.2 AFAICT) is properly setup? It seems to me that having the gateway address on it improperly configured could cause these very symptoms. Let us know.

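As an added illustration of the rule-ordering point in the reply above (example code written for this page, not posted in the thread), here is a small Python model of how iptables walks the nat POSTROUTING chain: first matching rule with a terminating target wins, so a catch-all SNAT placed before a host-specific SNAT makes the specific one unreachable. The two rules are copied from the listing; the helper names and the extra source address 10.1.1.7 are constructed for the example. One caveat worth remembering when reading the counters: nat rules are consulted only for the first packet of a connection, and conntrack applies the resulting mapping to the rest of it, which is why nat chain counters stay far below the filter chain counters on a working box.

```python
# Added example (not from the thread): a toy first-match evaluator for the
# nat POSTROUTING rules quoted above, showing why the catch-all SNAT rule
# shadows the 10.1.1.2-specific one and how inverting the order fixes it.
# Rule contents are copied from the post; source addresses other than
# 10.1.1.2 are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class SnatRule:
    out_iface: Optional[str]  # None stands for '*' (any interface)
    src: str                  # source CIDR; '0.0.0.0/0' matches everything
    to_source: str            # address written into the packet by SNAT

    def matches(self, out_iface: str, src_ip: str) -> bool:
        if self.out_iface is not None and self.out_iface != out_iface:
            return False
        return ip_address(src_ip) in ip_network(self.src)


def first_match(chain: List[SnatRule], out_iface: str, src_ip: str) -> Optional[SnatRule]:
    """iptables walks a chain top to bottom; SNAT is a terminating target,
    so the first rule that matches decides the packet's new source address."""
    for rule in chain:
        if rule.matches(out_iface, src_ip):
            return rule
    return None


def snat_address(chain: List[SnatRule], out_iface: str, src_ip: str) -> Optional[str]:
    """Source address a packet leaves with, or None if no SNAT rule applies."""
    rule = first_match(chain, out_iface, src_ip)
    return rule.to_source if rule else None


def shadowed_rules(chain: List[SnatRule]) -> List[int]:
    """Indexes of rules that can never fire: an earlier rule already matches
    every packet they would match (same or wildcard interface, superset CIDR)."""
    dead = []
    for j, later in enumerate(chain):
        for earlier in chain[:j]:
            iface_covers = earlier.out_iface is None or earlier.out_iface == later.out_iface
            net_covers = ip_network(later.src).subnet_of(ip_network(earlier.src))
            if iface_covers and net_covers:
                dead.append(j)
                break
    return dead


def render(chain: List[SnatRule]) -> List[str]:
    """The iptables commands that would install the chain in this order."""
    cmds = []
    for r in chain:
        cmd = "iptables -t nat -A POSTROUTING"
        if r.out_iface is not None:
            cmd += f" -o {r.out_iface}"
        if r.src != "0.0.0.0/0":
            cmd += f" -s {r.src}"
        cmd += f" -j SNAT --to-source {r.to_source}"
        cmds.append(cmd)
    return cmds


# The POSTROUTING chain exactly as listed in the post: catch-all first.
AS_POSTED = [
    SnatRule(out_iface="eth2", src="0.0.0.0/0", to_source="192.168.30.45"),
    SnatRule(out_iface="eth2", src="10.1.1.2/32", to_source="192.168.30.41"),
]
# The fix suggested in the reply: host-specific rule first, catch-all last.
FIXED = list(reversed(AS_POSTED))


if __name__ == "__main__":
    for name, chain in (("as posted", AS_POSTED), ("fixed", FIXED)):
        print(f"{name}: 10.1.1.2 -> {snat_address(chain, 'eth2', '10.1.1.2')}, "
              f"10.1.1.7 -> {snat_address(chain, 'eth2', '10.1.1.7')}, "
              f"shadowed rule indexes: {shadowed_rules(chain)}")
    print("\n".join(render(FIXED)))
```

Running the block prints the mapping under both orderings and the two `iptables` commands for the corrected chain; `shadowed_rules` is the kind of check you would run over an `iptables-save` dump before trusting a nat table that "looks right" but whose specific rules never increment their counters.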
Old 09-21-2010, 12:56 AM   #18
win32sux
Quote (originally posted by jacques83):
Code:
1        3   180 NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0
BTW, have you tried killing this jump to check if the problem resides in NETWORK_STATS?
Code:
iptables -D FORWARD 1
 
Old 09-21-2010, 05:07 PM   #19
jacques83 (Original Poster)
Thanks a lot for all your help. I was able to get this working finally. I was using an ISO, and had some configuration issues for my VM (internal issues). After re-configuring my VM using a template, I was able to SSH from my public IP into the VM. This was the test case I tried to ensure the rules worked fine.
 
  

