SSH Question - Please Help

 
  

The Magnet
Posted: Sat Aug 29, 2009 10:08 am    Post subject: SSH Question - Please Help
Archived from groups: comp>os>linux>networking

Hi,

I am having an issue with routing & SSH. I think this used to work,
it's been so long I do not remember. Maybe someone who is smarter
than me can help.

I have 2 machines, both running Cent-OS, both have 2 NIC cards. One
of the machines is visible from the internet, the other is not. I've
re-configured the SSH port on both machines to be 443. Everything
works on the box visible from the internet. No issue there.

Internally the two boxes are connected by the other NIC. So, the
machines are connected by a network cable, not going through the
switch.

I've posted some information from the boxes below. Can you see
anything? I've also posted some stuff from the other box. Can you
see anything? And actually I see that somehow one of the cards got an
address of 192.168.2.135. I'd like that on the same subnet, and
change it to 192.168.1.135

Any help is greatly appreciated! And many thanks!

Working box: 192.168.1.170 / Second NIC: 192.168.1.175
Other box: 192.168.1.130 / Second NIC: 192.168.2.135

I can ping the machine fine:
ping 192.168.1.130
PING 192.168.1.130 (192.168.1.130) 56(84) bytes of data.
64 bytes from 192.168.1.130: icmp_seq=0 ttl=64 time=0.211 ms

ping 192.168.2.135
PING 192.168.2.135 (192.168.2.135) 56(84) bytes of data.
64 bytes from 192.168.2.135: icmp_seq=0 ttl=64 time=1.95 ms

However, if I try to SSH to the box, I get an error:

ssh -p 443 192.168.1.130
ssh: connect to host 192.168.1.130 port 443: No route to host

ssh -p 443 192.168.2.135
ssh: connect to host 192.168.2.135 port 443: No route to host



WORKING BOX, VISIBLE FROM INTERNET
Routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

IP TABLES
/sbin/iptables -L -n
Chain INPUT (policy ACCEPT)
target               prot opt source      destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target               prot opt source      destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target               prot opt source      destination

Chain RH-Firewall-1-INPUT (2 references)
target  prot opt source      destination
ACCEPT  all  --  0.0.0.0/0   0.0.0.0/0
ACCEPT  icmp --  0.0.0.0/0   0.0.0.0/0    icmp type 255
ACCEPT  esp  --  0.0.0.0/0   0.0.0.0/0
ACCEPT  ah   --  0.0.0.0/0   0.0.0.0/0

OTHER BOX, VISIBLE ONLY INSIDE:
Routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth1

IPTABLES (some small differences):
Chain INPUT (policy ACCEPT)
target               prot opt source      destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target               prot opt source      destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target               prot opt source      destination

Chain RH-Firewall-1-INPUT (2 references)
target  prot opt source      destination
ACCEPT  all  --  0.0.0.0/0   0.0.0.0/0
ACCEPT  icmp --  0.0.0.0/0   0.0.0.0/0    icmp type 255
ACCEPT  esp  --  0.0.0.0/0   0.0.0.0/0
ACCEPT  ah   --  0.0.0.0/0   0.0.0.0/0
ACCEPT  udp  --  0.0.0.0/0   224.0.0.251  udp dpt:5353
ACCEPT  udp  --  0.0.0.0/0   0.0.0.0/0    udp dpt:631
ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:631
ACCEPT  all  --  0.0.0.0/0   0.0.0.0/0    state RELATED,ESTABLISHED
ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:80
ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:25
ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:22
REJECT  all  --  0.0.0.0/0   0.0.0.0/0    reject-with icmp-host-prohibited
"Man-wai Chang to The Doo
Posted: Mon Aug 31, 2009 11:10 am    Post subject: Re: SSH Question - Please Help
Archived from groups: per prev. post

> Working box: 192.168.1.170 / Second NIC: 192.168.1.175
> Other box: 192.168.1.130 / Second NIC: 192.168.2.135

Better draw a network diagram!

> I can ping the machine fine:
> ping 192.168.1.130
> PING 192.168.1.130 (192.168.1.130) 56(84) bytes of data.
> 64 bytes from 192.168.1.130: icmp_seq=0 ttl=64 time=0.211 ms
> ping 192.168.2.135
> PING 192.168.2.135 (192.168.2.135) 56(84) bytes of data.
> 64 bytes from 192.168.2.135: icmp_seq=0 ttl=64 time=1.95 ms

From which PC?


> However, if I try to SSH to the box, I get an error:
>
> ssh -p 443 192.168.1.130
> ssh: connect to host 192.168.1.130 port 443: No route to host
>
> ssh -p 443 192.168.2.135
> ssh: connect to host 192.168.2.135 port 443: No route to host

What if you disable the firewalls?

--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (Ubuntu 9.04) Linux 2.6.30.5
^ ^ 19:23:02 up 1 day 1:17 1 user load average: 1.21 1.35 1.38
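No borrowing! No fraud! No compensated dating! No fighting! No robbery! No suicide! Please consider Comprehensive Social Security Assistance (CSSA):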
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa
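
An added example, not part of any post in this thread, for answering the firewall question above without switching the firewall off: it walks an `iptables -L -n -v` listing and reports the first rule that a new TCP connection to a given port would hit. A `REJECT` with `icmp-host-prohibited` is what an `ssh` client reports as "No route to host". The listing is constructed from some of the rules posted for the internal box; the interface columns, and `lo` on the first rule, are assumptions, because plain `-L -n` output does not show interfaces.

```shell
#!/bin/sh
# Added example (not from the thread): print the target of the first rule in
# CHAIN that matches a NEW TCP connection to PORT arriving on IFACE.
# Input: `iptables -L -n -v` output on stdin.
# Simplified: ignores source/destination addresses and port ranges (dpts:).
first_verdict() {
    awk -v chain="$1" -v port="$2" -v iface="$3" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        !in_chain || NF < 9 || $1 == "pkts" { next }
        {
            if ($4 != "all" && $4 != "tcp") next      # protocol column
            if ($6 != "*" && $6 != iface) next        # input interface column
            ok = 1
            for (i = 10; i <= NF; i++) {
                # a state match must include NEW to apply to a first packet
                if ($i == "state" && $(i + 1) !~ /(^|,)NEW(,|$)/) ok = 0
                if ($i ~ /^dpt:/ && $i != ("dpt:" port)) ok = 0
            }
            if (ok) { print $3; found = 1; exit }
        }
        END { if (!found) print "NO-MATCH" }
    '
}

# Constructed sample in -v format, modelled on the internal box's posted rules.
# Assumption: the leading "ACCEPT all" rule is bound to the loopback interface.
sample_listing() {
    cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

for p in 22 443; do
    echo "tcp/$p on eth1: $(sample_listing | first_verdict RH-Firewall-1-INPUT "$p" eth1)"
done
```

On a live system, feed it `/sbin/iptables -L -n -v` instead of `sample_listing`.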
Allen McIntosh

Posted: Tue Sep 01, 2009 9:22 am    Post subject: Re: SSH Question - Please Help
Archived from groups: per prev. post

The Magnet wrote:
> I am having an issue with routing & SSH. I think this used to work,
> it's been so long I do not remember. Maybe someone who is smarter
> than me can help.
>
> I have 2 machines, both running Cent-OS, both have 2 NIC cards. One
> of the machines is visible from the internet, the other is not. I've
> re-configured the SSH port on both machines to be 443. Everything
> works on the box visible from the internet. No issue there.
>
> Internally the two boxes are connected by the other NIC. So, the
> machines are connected by a network cable, not going through the
> switch.
>
> I've posted some information from the boxes below. Can you see
> anything? I've also posted some stuff from the other box. Can you
> see anything? And actually I see that somehow one of the cards got an
> address of 192.168.2.135. I'd like that on the same subnet, and
> change it to 192.168.1.135
>
> Any help is greatly appreciated! And many thanks!
>
> Working box: 192.168.1.170 / Second NIC: 192.168.1.175
> Other box: 192.168.1.130 / Second NIC: 192.168.2.135
>
> I can ping the machine fine:
> ping 192.168.1.130
> PING 192.168.1.130 (192.168.1.130) 56(84) bytes of data.
> 64 bytes from 192.168.1.130: icmp_seq=0 ttl=64 time=0.211 ms
>
> ping 192.168.2.135
> PING 192.168.2.135 (192.168.2.135) 56(84) bytes of data.
> 64 bytes from 192.168.2.135: icmp_seq=0 ttl=64 time=1.95 ms
>
> However, if I try to SSH to the box, I get an error:
>
> ssh -p 443 192.168.1.130
> ssh: connect to host 192.168.1.130 port 443: No route to host
>
> ssh -p 443 192.168.2.135
> ssh: connect to host 192.168.2.135 port 443: No route to ho
>
>
>
> WORKING BOX, VISIBLE FROM INTERNET
> Routing table:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
> default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

This problem comes up fairly often.

Short answer: Check archives of this group.

Longer answer: You appear to be using a strange combination of
192.168.1.0 and 192.168.2.0 for the network connecting the two machines.
Don't do this. Use 192.168.2.0 only. Give both machines 192.168.2.0
addresses on this network and use 192.168.2.0 for the network address.
(Posting output of ifconfig is a good idea, BTW. This lets us know that
the NIC address is what you say it is.)
darklord






Posted: Thu Oct 22, 2009 1:17 am

Quote:
> And actually I see that somehow one of the cards got an
> address of 192.168.2.135. I'd like that on the same subnet, and
> change it to 192.168.1.135


the reason you can't get into 192.168.1.135 is because that's one of my slaves
i have been wondering who was leeching from our wifi network.

i have copied all of your post and have forwarded it to my network tech.

thanx for all of your connect info, i will put it to good use:)

i stumbled upon this thread whilst pinging my comp.. i saw several listings on google showing my ip.

i now have it auto flagged, and you're locked out;)