• Status: Solved

Can't access remote server from 1 network but it can be accessed through another.

One of our customers has a Linux firewall and had their ISP changed from a partial T1 to a Comcast cable modem connection. I changed the firewall and network settings on the Linux box to work with the new Comcast connection. I can remotely access the Linux server via SSH from one network (one of my other customers) but I cannot access it from my network. Why is that? When I do a tracert command from my computer it hits 3 Comcast servers then stops right before it's supposed to hit their gateway.
Asked by: Airotechexpert

wesly_chen Commented:
> I can remotely access the linux server via ssh from one network (one of my other customers) but I cannot access it from my network
How about the tracert from your customer network to your network?
Could you compare the tracert result of "from other customer to their network" with "from your network to their network"
as well as "from their network to other customer network" with "from their network to your network"?

Also check their firewall setting.

It seems like a network routing issue somewhere between your network and their network.
0
 
rindi Commented:
Check your SSHD_Config file in /etc/ssh. You will probably find a setting "listenAddress" which is probably set to your external network adapter and not the internal adapter.

Also check your firewall settings; if the above doesn't help, you are probably blocking SSH traffic in your firewall. What are you using? Shorewall? Open port 22 for SSH to work.
0
 
Airotechexpert (Author) Commented:
I don't believe there is a problem with the SSH settings because I can't even ping the address from my network, but I can ping from another external network and any other external network I've tried (we manage several customers through terminal servers). Our firewall isn't blocking traffic on port 22 because we use SSH extensively to remotely access customers' Linux servers. It seems like I can't get anything on their network.

The traceroute is successful from my customer's network to mine.
To make things clear, let's say the customer with the Comcast cable modem connection and the Linux server I'm trying to access is on network A. My network is network B and another customer is network C. When running a tracert from b -> a and c -> a, the difference is that b -> a stops at A's gateway and just stops there, but c -> a hits A's gateway then goes on to one of A's external IP addresses.

0
 
rindi Commented:
I need some more info. Am I correct in assuming you can't SSH to the Linux box from the internal network, but you can SSH to it via the Internet? Or are both connections coming from the Internet?
0
 
wesly_chen Commented:
> I can't even ping the address from my network
> The traceroute is successful from my customer's network to mine.
> b->a stops at A's gateway and just stop there
> but c->a hits A's gateway then goes onto one of A's external ip addresses.
Could you do
b-> a
tracert "one of A's external ip addresses"

I suspect your network is blocked by the gateway A (Comcast's ?) for some reason.
I have some employees who use Comcast at home and have some trouble using IPSec VPN to the company.
You may end up having to check with Comcast technical support for this situation.

Wesly
0
 
Airotechexpert (Author) Commented:
rindi,

All 3 companies are on different networks. I can SSH internally but not from the Internet.
0
 
Airotechexpert (Author) Commented:
I did call Comcast a few days ago; I think you have to get lucky to get a guy that knows what he's talking about. They told me they have no way to block any IP addresses....
0
 
wesly_chen Commented:
But a corrupted routing table or a misconfigured access list on their router will cause the problem.
Well, then the router needs to be rebooted, and I'm sure they won't do that unless there is a critical problem.
0
 
rindi Commented:
Ahh, I always thought it was an internal / external problem, so now it does look as if it is the provider.
0
