ssh connection is not allowed in NAT, SUSE 9.2
fatihturkmen99 at yahoo.com
Thu Jul 21 14:41:06 CEST 2005
Thank you guys for your replies. I got the problem. It
was because of the second network interface. Somehow
second NIC is not working (functioning) and when I try
to up it, it stays down.
Now the question is what can be happening with second
Thanks in advance.
--- Jörg Harmuth <harmuth at mnemon.de> wrote:
> Fatih TURKMEN schrieb:
> > Hi everybody,
> > I am trying to create small NAT network on SUSE
> > computers.I don't know what is missing in my
> > policy but I have added three rules for SNAT:
> > 1) iptables -t nat -A POSTROUTING -o eth0 -j
> > MASQUERADE
> > 2) iptables -A FORWARD -i eth0 -o eth1 -m state
> > --state RELATEd,ESTABLISHED -j ACCEPT
> > 3) iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
> > I stopped firewalls on local computers, and
> > ssh server/client on all computers.I can ssh to
> > machines from locals.But I can't ssh to nat
> > server.Also I can only ping one computer from NAT
> > Server.
> > When I try to ssh to local clients from NAT server
> > got either "No route to host" or "Connection
> > although I stopped firewalls on locals and set the
> > server as the default gateway for local clients.
> Would you mind to provide the full ruleset of your
> nat box ? Preferably
> the output of iptables-save ? A description of your
> network layout could
> be helpfull too (networks, NICs,...). As there is
> "No route to host" the
> routing table could give some enlightment. There are
> at least two
> interfaces, so - is ip-forwarding enabled ? What
> netstat -tulpn | grep ':22'
> give on the respective boxes ? When trying to
> connect via SSH to no
> avail, what does
> tcpdump -ni <respective_inerface>
> give (try reducing other traffic) ? Questions over
> questions :)
> Have a nice time,
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
More information about the netfilter