Solved

problem with ssh redhat, 2 nic cards, one route

Posted on 2003-03-02
Last Modified: 2008-03-06
I've had a Red Hat server running for about 8 months now. I just decided to put it on the local subnet as well, though, and I've had nothing but problems.

Here's the setup:
I have my ISP connected to a hub, which goes to the server and a router, then I have another connection from the router going back into the server on my other nic card.

so eth0 - say 147.32.342.12 my server ip
and eth1 - 192.168.100.103

For the most part I don't have any problems; however, when people try to ssh in remotely they cannot connect.

I, however, do not have a problem connecting through either of them: both 147.32.342.12 and 192.168.100.103 work for me.

My /var/log/secure looks something like this:

Mar  2 14:20:34 IceServer sshd[14057]: Accepted password for sean from 136.159.xx.xxx port 1585 ssh2
Mar  2 14:34:00 IceServer sshd[13973]: Received disconnect from 136.159.xx.xxx: 11: Disconnect requested by Windows SSH Client.
Mar  2 14:48:41 IceServer sshd[13917]: Received signal 15; terminating.
Mar  2 14:50:32 IceServer sshd[1098]: Server listening on 0.0.0.0 port 22.
Mar  2 14:56:06 IceServer sshd[1435]: Could not reverse map address 192.168.100.103.
Mar  2 14:56:07 IceServer sshd[1435]: Accepted password for root from 192.168.100.103 port 4480

I thought it was something to do with my routing tables that maybe my router was blocking it...
here is my route table

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   *               255.255.255.0   U     0      0        0 eth1
68.xxx.xx.0     *               255.255.252.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.100.1   0.0.0.0         UG    0      0        0 eth1
default         68.xxx.xx.x     0.0.0.0         UG    0      0        0 eth0

Extra points if someone can tell me why my sendmail is now saying "relaying denied possible forged ip" now even though before I was on the subnet I didn't have the problem

thank you
0
Question by:DaK00L1
4 Comments
 
LVL 8

Expert Comment

by:heskyttberg
ID: 8056874
Hi!

Remove the default gateway for 192.168.100.1.
I think this is what's confusing both sendmail and ssh.

You should only have one default route.
If you want to route to some other subnet set it up with another rule.

So if you need to go through an internal router to get to let's say 192.168.200.0 then add that route by itself telling it to use 192.168.100.1 as router.

As this is set up, the connection gets in on the outer interface.
Your ssh server tries to contact the remote host going out on the 192.168.100.1 router, telling the remote host it can establish a connection on, let's say, port 4100 on IP 192.168.100.103,

which the remote client can't find, and it asks to close the connection.

Regards
/Hans - Erik Skyttberg
0
 
LVL 2

Author Comment

by:DaK00L1
ID: 8059368
Ya, that was my initial thought too.
When I remove the default 192.168.100.1 and restart my network, the DHCP always adds it again.. how do I prevent that?
0
 
LVL 8

Accepted Solution

by:
heskyttberg earned 320 total points
ID: 8060646
Hi!

Set up a static IP on the LAN device for Linux, don't use DHCP.

Regards
/Hans - Erik Skyttberg
0
 
LVL 2

Author Comment

by:DaK00L1
ID: 8069496
that was probably the easiest 80 points you ever made :)

but the sendmail was a DNS problem, just happened to occur at the same time.

thanks a lot it was very simple... and it works good.
0
