Avatar of Mark
 asked on

After changing gateway, ssh stops working

I have the following /etc/rc.d/rc.inet1.conf:

# Config information for eth0:

# Config information for eth1:

# Default gateway IP address:

I changed the gateway to (the address of the firewall/router) in order to get port forwarding to work to this computer. That is now working, but I can no longer access the eth0 IP properly from outside the LAN. If I ssh to myuser.mydomain.com (which resolves to xx.yy.zz.95) I get no connection and the /var/log/messages file gets an entry, "Apr  2 15:38:50 webserver sshd[10699]: Did not receive identification string from aa.bb.cc.98"

I can, however, telnet to this port and get a connection:

telnet mydomain.com 22
telnet xx.yy.zz.95 22

both of these give me a telnet connection.

Likewise I can telnet to port 80, but I can't actually open a web page via my browser, though I don't see an error entry in any webpage.

Does anyone have an idea about what I can do?

Last Comment: 8/22/2022 - Mon

Enable debugging

To do this edit your sshd_config file:

 $ sudo nano /etc/ssh/sshd_config

 LogLevel INFO


LogLevel DEBUG

Higher levels include DEBUG2 and DEBUG3 if needed.

On the client side to get more verbosity, try this:
 $ ssh -vvv user@host

Jan Bacher

Why wouldn't you leave your public gateway as is and create a static route for the traffic that you want port forwarded to the firewall?

I believe I have found a solution. It may be what _jesper_ is suggesting, but I would have needed a bit more detail on "how to" create a static route.

I used the link: http://linlog.blogspot.com/2010/02/multiple-gateways-on-same-host.html as a guide, though that fellow was trying to solve a similar problem with one network card. The solution I needed which configures 2 gateways for 2 different network cards can be found in: https://www.experts-exchange.com/Networking/Linux_Networking/Q_28083608.html#a39042682

_jesper_, is that what you were talking about?
Jan Bacher


OK, that link describes what I need to do, but the link is for RedHat and I have Slackware. Apparently, one does not set up permanent routes the same in these distros. Slackware has no /etc/sysconfig/network-scripts/ folder, which is what that link uses.

Can someone give me the slackware command(s) to do this? I'm not familiar with this level of network setup. I basically monkey-typed the 'ip route add table' and 'ip rule add' commands from the link http://linlog.blogspot.com/2010/02/multiple-gateways-on-same-host.html, but the instructions on that link for making the route persistent (Fedora) were like the RedHat ones using /etc/sysconfig.

What I did to make the changes was:

$ echo "1 test" >> /etc/iproute2/rt_tables
$ ip route flush table test

$ ip route show table main | egrep -Ev "^default" | while read route; do
    ip route add table test $route
  done

$ ip route add table test default via

# Listing the 2ndary table/gives:

$ ip route show table test
 dev eth0  proto kernel  scope link  src
 dev eth1  proto kernel  scope link  src
 dev lo  scope link
default via dev eth1

$ ip rule add from lookup test
$ ip rule add to lookup test

Here is my /etc/iproute2/rt_tables before I made the changes:

# reserved values
255     local
254     main
253     default
0       unspec
# local
#1      inr.ruhep

And here is it after I made the changes:

# reserved values
255     local
254     main
253     default
0       unspec
# local
#1      inr.ruhep
1 test

I suppose these tables and routes get deleted upon reboot? So, how do I do the above permanently in Slackware?
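The procedure in the post above, wrapped as a re-runnable script of the kind that could be called from /etc/rc.d/rc.local (the location mentioned later in the thread). This is an added example, not part of the original post or of any answer in the thread. LAN_IP and LAN_GW are constructed placeholders for the addresses elided on the page, and it assumes the address in the two `ip rule` commands is the eth1 address.

```shell
#!/bin/sh
# Added example (not from the thread). Table id/name follow the post ("1 test");
# LAN_IP and LAN_GW are constructed placeholders for the elided addresses.
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}
TABLE_ID=1
TABLE_NAME=test
LAN_DEV=eth1
LAN_IP=192.168.0.10      # placeholder: address of eth1
LAN_GW=192.168.0.1       # placeholder: LAN firewall/router

# Register the table name once; a plain `echo >>` adds a duplicate on every boot.
ensure_table() {  # ensure_table ID NAME FILE
    grep -Eq "^[[:space:]]*$1[[:space:]]+$2([[:space:]]|\$)" "$3" 2>/dev/null ||
        printf '%s %s\n' "$1" "$2" >> "$3"
}

# Read `ip route show table main` on stdin and print the commands that rebuild
# the secondary table: every non-default route, the LAN default, then the rules.
policy_route_cmds() {  # policy_route_cmds NAME SRC_IP GW DEV
    echo "ip route flush table $1"
    while read -r route; do
        case $route in
            ''|default*) continue ;;
        esac
        echo "ip route add table $1 $route"
    done
    echo "ip route add table $1 default via $3 dev $4"
    # Remove stale copies of the rules first so re-running does not stack them.
    echo "ip rule del from $2 lookup $1 2>/dev/null"
    echo "ip rule del to $2 lookup $1 2>/dev/null"
    echo "ip rule add from $2 lookup $1"
    echo "ip rule add to $2 lookup $1"
}

# `sh thisfile apply` (as root) makes the changes; with no argument nothing
# on the system is touched.
if [ "${1:-}" = "apply" ]; then
    ensure_table "$TABLE_ID" "$TABLE_NAME" "$RT_TABLES"
    ip route show table main |
        policy_route_cmds "$TABLE_NAME" "$LAN_IP" "$LAN_GW" "$LAN_DEV" | sh
fi
```

To review the generated commands before applying them, pipe `ip route show table main` into `policy_route_cmds` without the trailing `| sh`.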
Jan Bacher


_jesper_, thanks for the link. That link suggested *where* to define the routes (either in rc.local or rc.firewall), but not *how* to define the routes. Do you know how I would do this? Would I put all the commands I used in my post 39058850 in one of the rc. scripts? The whole while/do loop and everything? I can do that, but it seems like a bit of overkill to define a route.

here's my guess:

route add -net gw

would that all by itself do the trick? I'd like some feedback before I try it -- this is a production machine.

Since this is getting to be a rather long question, let's review:

I have 2 NICs, one at IP xx.129.23.95 and the other at IP The default gateway is set to xx.129.23.65.

An up-stream router/firewall wants to forward all port 25 requests to, but that doesn't work with the xx.128.23.65 gateway. Setting the default gateway to got the port 25 requests working, but no traffic on xx.127.23.95. I put the gateway back to xx.128.23.65 and to get port 25 traffic routing to working, I went through elaborate procedure posted earlier.

Now, I just want to make a permanent static route so that all traffic for will use as the gateway. Will the 'route add' command at the top of this message do what I want?

No ideas on this? I would think such a setup would be common. To simplify:

I have a linux/slackware host we'll call MAIL. It has 2 NICs:

xx.128.23.95  - connected to Internet on eth0  - connected to LAN on eth1
xx.129.23.65 - default gateway configured in /etc/rc.d/rc.inet1.conf - is the LAN firewall/router, connected to Internet on  xx.129.23.80. It forwards port 25 to

I need all traffic for 192.168.0.xx to use the as a gateway.

These don't work:

route add -net netmask dev eth1
route add -net  netmask gw dev eth1
route add default gw eth1

Various experiments, including at least the last example above, will permit me to connect to MAIL via xx.129.23.80:25, but I lose ability to connect to any port via xx.128.23.95:[22,80,...]

It seems I can connect to MAIL from the Internet either to xx.128.23.95:anyport, or xx.129.23.80:25, but not both unless I go through that rather elaborate route table creating process.

Is there not a simple 'route' or 'ip' command or two I can run to do what I want?
Jan Bacher


> Did not receive identification string from
you get this error message when you use connections not using SSL, as you did with telnet
but if you get that message, your client can connect the server which then does not sound like a routing problem