ssh connection is not allowed in NAT, SUSE 9.2
Fatih TURKMEN
fatihturkmen99 at yahoo.com
Thu Jul 21 14:41:06 CEST 2005
Thank you guys for your replies. I got the problem. It
was because of the second network interface. Somehow the
second NIC is not working (functioning), and when I try
to bring it up, it stays down.
Now the question is: what can be happening with the second
NIC?
Thanks in advance.
Fatih TURKMEN
--- Jörg Harmuth <harmuth at mnemon.de> wrote:
> Fatih TURKMEN wrote:
> > Hi everybody,
> > I am trying to create a small NAT network on SUSE 9.2
> > computers. I don't know what is missing in my iptables
> > policy, but I have added three rules for SNAT:
> >
> > 1) iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > 2) iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
> > 3) iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
> >
> > I stopped firewalls on local computers, and installed
> > ssh server/client on all computers. I can ssh to local
> > machines from locals. But I can't ssh to the NAT
> > server. Also I can only ping one computer from the NAT
> > server.
> > When I try to ssh to local clients from the NAT server I
> > get either "No route to host" or "Connection refused"
> > although I stopped firewalls on locals and set the NAT
> > server as the default gateway for local clients.
>
> Would you mind providing the full ruleset of your NAT box?
> Preferably the output of iptables-save? A description of your
> network layout could be helpful too (networks, NICs, ...). As
> there is "No route to host", the routing table could give some
> enlightenment. There are at least two interfaces, so: is
> ip-forwarding enabled? What does
>
> netstat -tulpn | grep ':22'
>
> give on the respective boxes? When trying to connect via SSH
> to no avail, what does
>
> tcpdump -ni <respective_interface>
>
> give (try reducing other traffic)? Questions over
> questions :)
>
> Have a nice time,
>
> Joerg
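
The checks Joerg asks for (interface state, ip-forwarding, the ruleset), as an added shell example that is not part of either message. It works on captured command output; the sample text is constructed, and taking eth1 as the NIC that stays down and eth0 as the outside interface are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: offline triage of a NAT gateway from
# captured `ip -o link show` and `iptables-save` text.

# Constructed sample: second NIC (assumed to be eth1) lacks the UP flag.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000'

# Constructed sample: the three rules from the post as iptables-save prints them.
SAMPLE_RULES='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'

# iface_state LINKS IFACE -> up | down | missing (LOWER_UP alone does not count)
iface_state() {
  printf '%s\n' "$1" | awk -v ifc="$2" '
    $2 == (ifc ":") { found = 1; st = "down"; flags = $3
                      gsub(/[<>]/, "", flags); n = split(flags, f, ",")
                      for (i = 1; i <= n; i++) if (f[i] == "UP") st = "up" }
    END { print (found ? st : "missing") }'
}

# has_rule RULES REGEX -> exit status 0 when some rule line matches
has_rule() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# nat_findings LINKS RULES IP_FORWARD WAN LAN -> one finding per line, none if clean
nat_findings() {
  for ifc in "$4" "$5"; do
    st=$(iface_state "$1" "$ifc")
    [ "$st" = up ] || echo "iface:$ifc:$st"
  done
  [ "$3" = 1 ] || echo "ip_forward:disabled"
  has_rule "$2" "^-A POSTROUTING .*-o $4 .*-j (MASQUERADE|SNAT)" || echo "nat:no-source-nat"
  has_rule "$2" "^-A FORWARD .*-i $5 .*-o $4 .*-j ACCEPT" || echo "forward:no-lan-to-wan"
  has_rule "$2" "^-A FORWARD .*-i $4 .*-o $5 .*ESTABLISHED.*-j ACCEPT" || echo "forward:no-replies"
}

# Live use (as root): nat_findings "$(ip -o link show)" "$(iptables-save)" \
#   "$(cat /proc/sys/net/ipv4/ip_forward)" eth0 eth1
nat_findings "$SAMPLE_LINKS" "$SAMPLE_RULES" 1 eth0 eth1
```
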
More information about the netfilter mailing list