Avatar of Mark
Mark
 asked on

After changing gateway, ssh stops working

I have the following /etc/rc.d/rc.inet1.conf:

# Config information for eth0:
IPADDR[0]="xx.yy.zz.95"
NETMASK[0]="xx.yy.zz.192"
USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""

# Config information for eth1:
IPADDR[1]="192.168.0.3"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]=""
DHCP_HOSTNAME[1]=""

# Default gateway IP address:
GATEWAY="xx.yy.zz.65"

I changed the gateway to 192.168.0.1 (the address of the firewall/router) in order to get port forwarding to work to this computer. That is now working, but I can no longer access the eth0 IP properly from outside the LAN. If I ssh to myuser.mydomain.com (which resolves to xx.yy.zz.95) I get not connection and the /var/log/messages file gets an entry, "Apr  2 15:38:50 webserver sshd[10699]: Did not receive identification string from aa.bb.cc.98"

I can, however, telnet to this port and get a connection:

telnet mydomain.com 22
telnet xx.yy.zz.95 22

both of these give me a telnet connection.

Likewise I can telnet to port 80, but I can't actually open a web page via my browser, though I don't see an error entry in any webpage.

Does anyone have an idea about what I can do?
Linux DistributionsLinux NetworkingNetworkingLinuxNetwork Architecture

Avatar of undefined
Last Comment
ahoffmann

8/22/2022 - Mon
comfortjeanius

Enable debugging

To do this edit your sshd_config file:

 $ sudo nano /etc/ssh/sshd_config
 
Change

 LogLevel INFO

To

LogLevel DEBUG

Higher levels include DEBUG2 and DEBUG3 if needed.

On the client side to get more verbosity, try this:
 $ ssh -vvv user@host

http://scottlinux.com/2012/01/04/troubleshoot-ssh-authentication-failure/
Jan Bacher

Why wouldn't you leave your public gateway as is and create a static route for the traffic that you want port forwarded to the firewall?
Mark

ASKER
I believe I have found a solution. It may be what _jesper_ is suggesting, but I would have needed a bit more detail on "how to" create a static route.

I used the link: http://linlog.blogspot.com/2010/02/multiple-gateways-on-same-host.html as a guide, though that fellow was trying to solve a similar problem with one network card. The solution I needed which configures 2 gateways for 2 different network cards can be found in: https://www.experts-exchange.com/Networking/Linux_Networking/Q_28083608.html#a39042682

_jesper_, is that what you were talking about?
Your help has saved me hundreds of hours of internet surfing.
fblack61
Jan Bacher

Mark

ASKER
OK, that link describes what I need to do, but the link is for RedHat and I have Slackware. Apparently, one does not set up permanent routes the same in these distros. Slackware has no /etc/sysconfig/network-scripts/ folder, which is what that link uses.

Can someone give me the slackware command(s) to do this? I'm not familiar with this level of network setup. I basically monkey-typed the 'ip route add table' and 'ip rule add' commands from the link http://linlog.blogspot.com/2010/02/multiple-gateways-on-same-host.html, but the instructions on that link for making the route persistent (Fedora) were like the RedHat ones using /etc/sysconfig.

What I did to make the changes was:

$ echo "1 test" >> /etc/iproute2/rt_tables
$ ip route flush table test

$ ip route show table main | egrep -Ev "^default" | while read route
do
  ip route add table test $route
done

$ ip route add table test default via 192.168.0.1

# Listing the 2ndary table/gives:

$ ip route show table test
64.129.23.64/26 dev eth0  proto kernel  scope link  src 64.129.23.95
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.3
127.0.0.0/8 dev lo  scope link
default via 192.168.0.1 dev eth1

$ ip rule add from 192.168.0.3 lookup test
$ ip rule add to 192.168.0.3 lookup test


Here is my /etc/iproute2/rt_tables before I made the changes:

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep

And here is it after I made the changes:

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
1 test


I suppose these tables and routes get deleted upon reboot? So, how to I do the above permanently in Slackware?
Jan Bacher

Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Mark

ASKER
_jesper_, thanks for the link. That link suggested *where* to define the routes (either in rc.local or rc.firewall), but not *how* to define the routes. Do you know how I would do this? Would I put all the commands I used in my post 39058850 in one of the rc. scripts? The whole while/do loop and everything? I can do that, but it seems like a bit of overkill to define a route.
Mark

ASKER
here's my guess:

route add -net 192.168.0.0/24 gw 192.168.0.1

would that all by itself do the trick? I'd like some feedback before I try it -- this is a production machine.

Since this is getting to be a rather long question, let's review:

I have 2 NICs, one at IP xx.129.23.95 and the other at IP 192.168.0.3. The default gateway is set to xx.129.23.65.

An up-stream router/firewall wants to forward all port 25 requests to 192.168.0.3, but that doesn't work with the xx.128.23.65 gateway. Setting the default gateway to 192.168.0.1 got the port 25 requests working, but no traffic on xx.127.23.95. I put the gateway back to xx.128.23.65 and to get port 25 traffic routing to 192.168.0.3 working, I went through elaborate procedure posted earlier.

Now, I just want to make a permanent static route so that all traffic for 192.168.0.3 will use 192.168.0.1 as the gateway. Will the 'route add' command at the top of this message do what I want?
Mark

ASKER
No ideas on this? I would think such a setup would be common. To simplify:

I have a linux/slackware host we'll call MAIL. It has 2 NICs:

xx.128.23.95  - connected to Internet on eth0
192.168.0.3  - connected to LAN on eth1
xx.129.23.65 - default gateway configured in /etc/rc.d/rc.inet1.conf

192.168.0.1 - is the LAN firewall/router, connected to Internet on  xx.129.23.80. It forwards port 25 to 192.168.0.3

I need all traffic for 192.168.0.xx to use the 192.168.0.1 as a gateway.

These don't work:

route add -net 192.56.76.0 netmask 255.255.255.0 dev eth1
route add -net 192.168.0.0  netmask 255.255.255.0 gw 192.168.0.1 dev eth1
route add default gw 192.168.0.1 eth1

Various experiments, including at least the last example above, will permit me to connect to MAIL via xx.129.23.80:25, but I lose ability to connect to any port via xx.128.23.95:[22,80,...]

It seems I can connect to MAIL from the Internet either to xx.128.23.95:anyport, or xx.129.23.80:25, but not both unless I go through that rather elaborate route table creating process.

Is there not a simple 'route' or 'ip' command or two I can run to do what I want?
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
ASKER CERTIFIED SOLUTION
Jan Bacher

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ahoffmann

> Did not receive identification string from
you get this error message when you use connections not using SSL, as you did with telnet
but if you get that message, your client can connect the server which then does not sound like a routing problem