ssh problem with dhcp router
Hello, everyone,

I've a problem when sshing to a remote host A (192.168.168.a), which is an internal workstation behind a router B (202.x.29.b). I'm now assigned an address C (192.168.0.c) by a DHCP router D (202.x.24.d). I can ping through the gateway 202.x.29.1, 202.x.24.1, router B and D, yet I can't add all the routes, with the error message "SIOCADDRT: Network is unreachable". When I was formerly in the 202.x.29.1 segment, ssh worked perfectly with route B.

Below's my tracepath:

jwshaw.punch@16:41:04:\> tracepath 202.x.29.b
 1:  192.168.0.104 (192.168.0.104)   0.265ms pmtu 1500
 1:  192.168.0.1 (192.168.0.1)       0.722ms
 2:  202.x.24.1 (202.x.24.1)         1.949ms
 3:  202.x.29.b (202.x.29.b)         2.337ms reached
     Resume: pmtu 1500 hops 3 back 3

And ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:16:36:3F:6E:91
          inet addr:192.168.0.104  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9323 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9166 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7849626 (7.4 Mb)  TX bytes:2052827 (1.9 Mb)
          Interrupt:18

Thank you in advance
Jewelshaw
Hi Jewelshaw,
if I understand you correctly, you are trying to route packets to a private address (192.168.x.x) through the Internet. That won't work. You will have to set up a tunnel between routers B and D, preferably by way of a VPN.

Cheers
Rupert
Rupert,
You caught the point. Actually I used to ssh to the host A (192) through the router B (202) when I was assigned directly in the 202 segment, without VPN. Well, can I make a tunnel between B and D without VPN? 'Cause as a unix host itself, should router B run a VPN server? Or else I was totally wrong about VPN?

Regards
Jewel
By the way, I can ssh to router B, and on host B, ssh to workstation A. Does it imply anything?
Hi Jewelshaw,
that "ssh-hopping" will of course work. But it doesn't imply anything with respect to the routing. No packet is actually routed from you to A. In order to route traffic from C to A, you will have to set up a VPN. If both routers B and D are Linux machines then it won't be much of an issue. I'd suggest openswan, which is pretty easy to set up. Basically you can choose between either:

- tunnel between routers B and D which will connect your two private networks. This will be the most comfortable solution, if possible.
- tunnel from your workstation C to remote router B. That way, just your workstation will be able to communicate with the network behind B.

(A direct tunnel from C to A would obviously not work, as that would just put you back to square one...)

Rupert
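Added example, not part of the thread: a small Python check of the two points made in the replies, using the interface from the ifconfig output in the first post. It assumes the failed route named router B as its gateway; 203.0.113.10, the /24 mask on A's network and the 10.99.0.x tunnel addresses are constructed stand-ins for values the page elides or does not give.

```python
import ipaddress

# Interface from the ifconfig output in the first post.
LOCAL_IF = ipaddress.ip_interface("192.168.0.104/24")
LOCAL_GW = ipaddress.ip_address("192.168.0.1")   # first hop in the tracepath
# Constructed stand-in: router B's public address is elided on the page.
ROUTER_B = ipaddress.ip_address("203.0.113.10")
# Host A is in 192.168.168.x; the /24 mask is an assumption.
REMOTE_NET = ipaddress.ip_network("192.168.168.0/24")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def gateway_on_link(interfaces, gateway):
    """True if the next hop lies in a directly connected network.
    Linux refuses a route whose gateway is not on-link
    (SIOCADDRT: Network is unreachable)."""
    return any(gateway in itf.network for itf in interfaces)


def is_private(net):
    """True if the whole network falls inside RFC 1918 space."""
    return any(net.subnet_of(block) for block in RFC1918)


def diagnose(interfaces, dest_net, gateway, via_tunnel=False):
    """Return the reasons a route to dest_net via gateway cannot work."""
    problems = []
    if not gateway_on_link(interfaces, gateway):
        problems.append("gateway-not-on-link")
    local = any(dest_net.overlaps(itf.network) for itf in interfaces)
    if is_private(dest_net) and not local and not via_tunnel:
        # Internet routers carry no routes for RFC 1918 space, so the
        # packet is dropped upstream even if the local table accepts it.
        problems.append("private-destination-needs-tunnel")
    return problems


if __name__ == "__main__":
    print(diagnose([LOCAL_IF], REMOTE_NET, ROUTER_B))
    print(diagnose([LOCAL_IF], REMOTE_NET, LOCAL_GW))
    tun = ipaddress.ip_interface("10.99.0.2/30")  # constructed tunnel endpoint
    print(diagnose([LOCAL_IF, tun], REMOTE_NET,
                   ipaddress.ip_address("10.99.0.1"), via_tunnel=True))
```

The third call models the workstation-to-router-B tunnel option: once a tunnel interface exists, the next hop is on-link and the private destination never travels unencapsulated across the Internet.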