LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 02-01-2005, 05:19 PM   #1
UncleEricB
LQ Newbie
 
Registered: Feb 2005
Posts: 2

Rep: Reputation: 0
This is killing me


Hello,
Brief Summary: I can't ssh across a Netgear WGR614 router.
Background: Behind my cable 'modem', I have a D-Link router. Plugged into that is a Fedora Core 3 box (new/vanilla) and a Netgear WGR614 wireless router. Behind the Netgear is a WinXP desktop and a WinXP laptop.
                          "Interweb"
                              |
                        D-Link Router
                        (192.168.0.1)
                              |
        |-------------------------------------------|
 (192.168.0.111)                             (192.168.0.110)
  Netgear Router                              Fedora Core 3
 (192.168.10.1)
        |
   |---------------|
(192.168.10.2)  (192.168.10.3)
    Laptop         Desktop


I want to ssh from my Laptop and Desktop to my Fedora box. Why do I have my home network set up this way? Just so I can learn by playing around. Sure, I could move it all onto the same subnet but that wouldn't be as much 'fun'.
I've tried setting up routes from one box to the other. I tried poking holes in the Netgear firewall. I tried setting the Desktop in the Netgear's DMZ. No dice.
When I have a route from Fedora to the other subnet, I can ping both sides of the Netgear, i.e.
Fedora> route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.0.111 eth1
Fedora> ping 192.168.0.111 // WORKS
Fedora> ping 192.168.10.1 // WORKS
Fedora> ping 192.168.10.3 // DOESN'T WORK!
NOTE: I can ping Desktop from Laptop, so Desktop responds to pings.

I get identical behavior from Laptop and Desktop so I'll only mention Desktop here. I can ping Fedora from Desktop but I can't ssh to it or telnet to port 22:
Desktop> ping 192.168.0.110 // WORKS
Desktop> telnet 192.168.0.110 22 // DOESN'T WORK!

Now, when I'm pinging and sshing from Desktop to Fedora, I have iptraf running on Fedora. The IP traffic monitor tells me that the pings are getting through and responded to. It also shows that the ssh requests are getting through but can't be responded to. I get this in the log:
<date string>; ICMP; eth1; 76 bytes; <source MAC>
from 192.168.0.110 to 192.168.0.111; dest unrch (host comm denied)

Is this an SELinux thing? Or simply a NAT problem? I've tried port forwarding on Netgear for port 22 to Desktop. That isn't my preferred solution b/c then Laptop can't ssh to Fedora. Besides that, it didn't work.
Is there a way I can ssh from Desktop & Laptop to Fedora?

Thanks,
Ol' Uncle Eric
 
Old 02-01-2005, 06:58 PM   #2
comprookie2000
Gentoo Developer
 
Registered: Feb 2004
Location: Fort Lauderdale FL.
Distribution: Gentoo
Posts: 3,291
Blog Entries: 5

Rep: Reputation: 58
Did you do something like this?
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
 
Old 02-01-2005, 09:41 PM   #3
UncleEricB
LQ Newbie
 
Registered: Feb 2005
Posts: 2

Original Poster
Rep: Reputation: 0
Eureka, the bathwater is hot! It works. I've played a little with iptables but just didn't see it as the issue here. I got thrown off by working pings. I guess iptables/netfilter is my project of the week.
FTR, I had to experiment a little. The command as it stands below inserts the rule into the INPUT chain. As such, it was the second of two rules. Fedora 3 default installs a command previously that redirects everything to RH-Firewall-1-INPUT. So my first use of the command below put it below the first command and therefore 'out of sight' (wasn't reached). I read a little and changed it to
Fedora> iptables -I RH-Firewall-1-INPUT 8 --protocol tcp --dport 22 -j ACCEPT

This put the rule at slot 8 which is just above the last REJECT rule. Now it works! I might go back and add something to make it only work for Laptop and Desktop.

Thanks so much!
Uncle Eric
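
The rule-ordering effect described in post #3, as an added example that is not part of the thread: a first-match walk over rules in `iptables -S` form, showing why an ACCEPT placed after the jump to RH-Firewall-1-INPUT is never reached. The rule set is constructed, the function name `first_verdict` is hypothetical, and 192.168.0.111 is used as the probe source because the iptraf line in post #1 shows the reject being sent to that address.

```shell
# Added example: first-match walk over rules in `iptables -S` form (read from stdin).
# Probe packet: a NEW TCP connection to port $1 from source address $2.
# Assumption: a rule carrying any other match (-i, -p icmp, --state ESTABLISHED, ...)
# is treated as not matching the probe.
first_verdict() {
  awk -v port="$1" -v src="$2" '
    function hit(line,   f, k, i) {      # returns the target if the rule matches the probe
      k = split(line, f, " ")
      for (i = 3; i <= k; i += 2) {      # options come as flag/value pairs
        if (f[i] == "-j") return f[i+1]
        if (f[i] == "-p" && f[i+1] == "tcp") continue
        if (f[i] == "-m" && (f[i+1] == "tcp" || f[i+1] == "state")) continue
        if (f[i] == "--dport" && f[i+1] == port) continue
        if (f[i] == "--state" && f[i+1] == "NEW") continue
        if (f[i] == "-s" && (f[i+1] == src || f[i+1] == (src "/32"))) continue
        return ""
      }
      return ""
    }
    function walk(chain,   i, tgt, res) {
      for (i = 1; i <= n[chain]; i++) {
        tgt = hit(rule[chain, i])
        if (tgt == "ACCEPT" || tgt == "REJECT" || tgt == "DROP")
          return tgt " " chain " " i     # terminal verdict: traversal stops here
        if (tgt == "RETURN") return ""
        if (tgt != "" && (tgt in n)) {   # jump into a user-defined chain
          res = walk(tgt)
          if (res != "") return res
        }
      }
      return ""                          # fell off the end of the chain
    }
    $1 == "-A" { n[$2]++; rule[$2, n[$2]] = $0 }
    END { res = walk("INPUT"); print (res == "" ? "POLICY" : res) }
  '
}

# Constructed rule set shaped like the one described in post #3.
HEAD='-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
TAIL='-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
SSH_ANY='-p tcp --dport 22 -j ACCEPT'
SSH_SRC='-s 192.168.0.111/32 -p tcp --dport 22 -j ACCEPT'
printf '%s\n' "$HEAD" "$TAIL" "-A INPUT $SSH_ANY" | first_verdict 22 192.168.0.111
printf '%s\n' "$HEAD" "-A RH-Firewall-1-INPUT $SSH_ANY" "$TAIL" | first_verdict 22 192.168.0.111
printf '%s\n' "$HEAD" "-A RH-Firewall-1-INPUT $SSH_SRC" "$TAIL" | first_verdict 22 192.168.0.50
```

Each output line gives the verdict, the chain and the rule position that decided it: the appended rule still ends in the REJECT, the inserted rule is accepted one slot above it, and the source-restricted rule rejects a probe from any other address.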
 
  

