Can't access remote server from 1 network but it can be accessed through another.

One of our customers has a Linux firewall and had their ISP changed from a partial T1 to a Comcast cable modem connection. I changed the firewall and network settings on the Linux box to work with the new Comcast connection. I can remotely access the Linux server via ssh from one network (one of my other customers) but I cannot access it from my network. Why is that? When I do a tracert command from my computer it hits 3 Comcast servers then stops right before it is supposed to hit their gateway.
Airotechexpert Asked:
 
rindi Commented:
Ahh, I always thought that it was an internal / external problem, so now it does look as if it is the provider.
0
 
wesly_chen Commented:
> I can remotely access the linux server via ssh from one network (one of my other customers) but I cannot access it from my network
How about the tracert from your customer network to your network?
Could you compare the tracert result of "from other customer to their network" with "from your network to their network"
as well as "from their network to other customer network" with "from their network to your network"?

Also check their firewall setting.

It seems like a network routing issue somewhere between your network and their network.
0
 
rindi Commented:
Check your SSHD_Config file in /etc/ssh. You will probably find a setting "listenAddress" which is probably set to your external network adapter and not the internal adapter.

Also check your firewall settings, if the above doesn't help you are probably blocking SSH traffic in your firewall. What are you using? shorewall? Open port 22 for SSH to work.
0

 
Airotechexpert (Author) Commented:
I don't believe there is a problem with the ssh settings because I can't even ping the address from my network but I can ping from another external network and any other external network I've tried (we manage several customers through terminal servers). Our firewall isn't blocking traffic on port 22 because we use ssh extensively to remotely access customers' Linux servers. It seems like I can't get anything on their network.

The traceroute is successful from my customer's network to mine.
To make things clear, let's say the customer with the Comcast cable modem connection and the Linux server I'm trying to access is on network A. My network is network B and another customer is network C. When running a tracert from b -> a and c -> a the difference is that b -> a stops at A's gateway and just stops there but c -> a hits A's gateway then goes on to one of A's external IP addresses.

0
 
rindi Commented:
I need some more info. Am I correct in assuming you can't SSH to the Linux box from the internal network, but you can SSH to it via the Internet? Or are both connections coming from the inet?
0
 
wesly_chen Commented:
> I can't even ping the address from my network
> The traceroute is successful from my customer's network to mine.
> b->a stops at A's gateway and just stop there
> but c->a hits A's gateway then goes onto one of A's external ip addresses.
Could you do
b-> a
tracert "one of A's external ip addresses"

I suspect your network is blocked by the gateway A (Comcast's?) for some reason.
I have some employees who use Comcast at home and have some trouble using the IPSec VPN to the company.
You may end up having to check with Comcast technical support for this situation.

Wesly
0
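The B -> A versus C -> A comparison discussed in this thread, as an added example that is not part of any participant's post: it parses two Windows `tracert` outputs and reports the last hop that answered on the failing path and the hop that follows it on the working path. The function names and the sample traces (documentation addresses) are constructed for illustration.

```python
import re

# Constructed sample tracert output (documentation addresses, not from the thread).
TRACE_B_TO_A = """\
  1     1 ms     1 ms     1 ms  192.0.2.1
  2     9 ms     8 ms     9 ms  198.51.100.10
  3    12 ms    11 ms    12 ms  198.51.100.22
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
"""
TRACE_C_TO_A = """\
  1     2 ms     1 ms     1 ms  203.0.113.1
  2    10 ms     9 ms    10 ms  198.51.100.10
  3    13 ms    12 ms    12 ms  198.51.100.22
  4    15 ms    14 ms    15 ms  198.51.100.254
  5    16 ms    15 ms    16 ms  203.0.113.77
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")                 # hop number, rest of line
IPV4 = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")  # bare IP or "name [IP]"

def parse_tracert(text):
    """Return [(hop_number, ip_or_None)] from Windows tracert hop lines."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # header/footer lines such as "Tracing route to ..."
        ip = IPV4.search(m.group(2))
        hops.append((int(m.group(1)), ip.group(1) if ip else None))
    return hops

def compare(failing, working, target):
    """Locate where the failing path goes silent relative to the working one."""
    f, w = parse_tracert(failing), parse_tracert(working)
    answered = [(n, ip) for n, ip in f if ip]
    last_seen = answered[-1] if answered else None
    w_ips = [ip for _, ip in w if ip]
    next_on_working = None
    if last_seen and last_seen[1] in w_ips:
        i = w_ips.index(last_seen[1])
        next_on_working = w_ips[i + 1] if i + 1 < len(w_ips) else None
    return {
        "failing_reached_target": any(ip == target for _, ip in f),
        "working_reached_target": target in w_ips,
        "last_hop_seen_from_failing": last_seen,
        "next_hop_on_working_path": next_on_working,
    }
```

A silent hop on its own can be ICMP rate limiting; it is significant here only because the failing trace never reaches the target while the working one does. The `next_hop_on_working_path` value is the device whose routing or access list is worth raising with the provider.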
 
Airotechexpert (Author) Commented:
rindi,

All 3 companies are on different networks. I can ssh internally but not from the internet.
0
 
Airotechexpert (Author) Commented:
I did call Comcast a few days ago; I think you have to get lucky to get a guy that knows what he's talking about. They told me they have no way to block any IP addresses....
0
 
wesly_chen Commented:
But a corrupted routing table or misconfigured access list on their router will cause the problem.
Well, then they need to reboot the router, and I'm sure they won't do that unless a critical problem has happened.
0
Question has a verified solution.
