ssh connection is not allowed in NAT, SUSE 9.2

R. DuFresne dufresne at
Tue Jul 19 16:59:37 CEST 2005

and tcpd is not getting in the way, correct?


Ron DuFresne

On Tue, 19 Jul 2005, Jörg Harmuth wrote:

> Fatih TURKMEN wrote:
>> Hi everybody,
>> I am trying to create a small NAT network on SUSE 9.2
>> computers. I don't know what is missing in my iptables
>> policy but I have added three rules for SNAT:
>> 1) iptables -t nat -A POSTROUTING -o eth0 -j
>> 2) iptables -A FORWARD -i eth0 -o eth1 -m state
>> 3) iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
>> I stopped firewalls on local computers, and installed
>> ssh server/client on all computers. I can ssh to local
>> machines from locals. But I can't ssh to the NAT
>> server. Also I can only ping one computer from the NAT
>> server.
>> When I try to ssh to local clients from the NAT server I
>> get either "No route to host" or "Connection refused"
>> although I stopped firewalls on locals and set the NAT
>> server as the default gateway for local clients.
> Would you mind providing the full ruleset of your NAT box? Preferably
> the output of iptables-save? A description of your network layout could
> be helpful too (networks, NICs, ...). As there is "No route to host" the
> routing table could give some enlightenment. There are at least two
> interfaces, so - is ip-forwarding enabled? What does
> netstat -tulpn | grep ':22'
> give on the respective boxes? When trying to connect via SSH to no
> avail, what does
> tcpdump -ni <respective_interface>
> give (try reducing other traffic)? Questions over questions :)
> Have a nice time,
> Joerg

-- 
         admin & senior security consultant:
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
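
Added example, not part of the original thread: a small shell function that runs the checks asked for above (ip-forwarding, the saved ruleset, a listener on port 22) over captured output, so the same triage can be repeated offline. The interface names eth0/eth1 follow the thread; the function name, the sample dumps and the extra INPUT-chain check (SSH to the NAT box itself traverses INPUT, not FORWARD) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.
# nat_findings RULESET IP_FORWARD LISTENERS -> prints one finding per line.
# Live use (as root): nat_findings "$(iptables-save)" \
#   "$(cat /proc/sys/net/ipv4/ip_forward)" "$(netstat -tulpn)"
nat_findings() {
    ruleset=$1; ip_forward=$2; listeners=$3
    # "is ip-forwarding enabled?"
    [ "$ip_forward" = "1" ] || echo "ip_forward is not 1"

    # Source NAT needs a POSTROUTING rule with a complete target.
    printf '%s\n' "$ruleset" |
        grep -Eq '^-A POSTROUTING .*-j (SNAT --to-source [0-9.]+|MASQUERADE)' ||
        echo "no complete SNAT/MASQUERADE rule in POSTROUTING"

    # SSH to the NAT box itself traverses INPUT, not FORWARD.
    if printf '%s\n' "$ruleset" | grep -q '^:INPUT DROP'; then
        printf '%s\n' "$ruleset" |
            grep -Eq '^-A INPUT .*-p tcp .*--dport 22 .*-j ACCEPT' ||
            echo "INPUT policy is DROP and tcp/22 is not accepted"
    fi

    # "netstat -tulpn | grep ':22'" should show a listening socket.
    printf '%s\n' "$listeners" | grep -Eq ':22[[:space:]].*LISTEN' ||
        echo "no listener on tcp/22"
}

# Constructed iptables-save dumps: one incomplete, one complete.
BROKEN_RULES='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'
FIXED_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'
SSHD_LISTENING='tcp  0  0 0.0.0.0:22  0.0.0.0:*  LISTEN  1234/sshd'
```

An empty result means none of the checked conditions failed; it does not cover routing-table problems, which still need the routing table and tcpdump output requested in the thread.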