Date: Wed, 6 Dec 2000 08:50:23 -0500 (EST)
From: Jim Freeze <jim@freeze.org>
To: cjclark@alum.mit.edu
Cc: questions@FreeBSD.ORG
Subject: Re: Can no longer ssh
Message-ID: <Pine.BSF.4.21.0012060837060.20229-100000@www.bellnetworks.net>
In-Reply-To: <20001206001059.G99903@149.211.6.64.reflexcom.com>
On Wed, 6 Dec 2000, Crist J. Clark wrote:
> Could you tell us again what does and does not work? In your last
> mail, you were ssh'ing to localhost and getting messages from sshd
> about attempts to login as root? So, does,
>
> $ ssh -v -l joeuser localhost
>
> Work sometimes?
ssh -v -l jfreeze localhost
works all the time, even with the divert rule listed below.
What did not work was ssh'ing into my gateway machine from a remote host.
To make it work, I removed rule 100 (divert rule listed below). So, now I
can ssh into my gateway machine but by removing the divert rule, I have
apparently broken natd's ability to work, i.e., the machines on my private
LAN can no longer access the outside world.
The ssh firewall rule I am using is:
# SSH Login - Allow & Log all incoming
${fwcmd} add pass log tcp from any to any 22 in via ${oif} setup
It looks like the divert rule is interfering with the firewall rule.
Jim
> On Tue, Dec 05, 2000 at 10:16:06PM -0500, Jim Freeze wrote:
> > As I keep working on this issue, I keep inching forward. The ssh login
> > 'su' garbage below was my mistake. In setting up the LAN I changed the
> > name of my gateway. That is now fixed.
> >
> > I verified ssh was working by removing all the firewall rules with
> >
> > # ipfw -f flush
> >
> > Reading some of the postings on the mailing list suggested that divert should
> > come after the firewall rules.
> >
> > My rules started out with
> >
> > 00100 0 0 divert 8668 ip from any to any via vx0
> > 00150 0 0 allow ip from any to any via lo0
> > ...
> >
> > If I remove 100
> >
> > then ssh works, but of course I have killed my lan. I tried moving divert
> > toward the end, but have not been successful.
> >
> > Can someone shed some light on this for me?
>
> --
> Crist J. Clark cjclark@alum.mit.edu
>
====================================================
Jim Freeze
jim@freeze.org
---------------------------------------------------
** http://www.freeze.org **
====================================================
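The thread turns on how ipfw walks its rule list when a divert rule sits in front of the ssh pass rule. The following is an added toy model of that walk, not code from the original mail or from FreeBSD: it applies first-match evaluation and the documented divert behaviour (a packet natd writes back is re-evaluated starting at the rule after the divert rule). natd itself is modelled as a plain pass-through; the ssh rule number 1000 and the assumption that `${oif}` is vx0 are constructed, and natd options such as address rewriting or -deny_incoming are outside the model.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp", ...
    dport: int      # destination port
    iface: str      # interface the packet is seen on
    direction: str  # "in" or "out"
    syn_only: bool  # TCP SYN without ACK, i.e. what ipfw "setup" matches

@dataclass(frozen=True)
class Rule:
    number: int
    action: str                 # "divert", "allow" or "deny"
    proto: str = "ip"           # "ip" matches any protocol
    dport: Optional[int] = None
    iface: Optional[str] = None
    direction: Optional[str] = None
    setup: bool = False

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "ip" or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.iface is None or self.iface == p.iface)
                and (self.direction is None or self.direction == p.direction)
                and (not self.setup or p.syn_only))

def evaluate(rules: List[Rule], p: Packet) -> List[int]:
    """Return the rule numbers the packet hits, in order. The last entry is
    the rule whose action ended the search; 65535 is ipfw's default deny."""
    path = []
    for r in sorted(rules, key=lambda r: r.number):
        if not r.matches(p):
            continue
        path.append(r.number)
        if r.action == "divert":
            continue  # modelled natd reinjects unchanged; resume at next rule
        return path
    path.append(65535)
    return path

# Constructed sample: an incoming ssh connection attempt arriving on vx0.
SSH_SYN = Packet("tcp", 22, "vx0", "in", True)

# Ordering from the thread: rule 100 divert, rule 150 lo0, then the ssh rule
# from the mail (its number, 1000, is constructed for this model).
DIVERT_FIRST = [
    Rule(100, "divert", iface="vx0"),
    Rule(150, "allow", iface="lo0"),
    Rule(1000, "allow", proto="tcp", dport=22, iface="vx0", direction="in", setup=True),
]
```

With the divert rule present the modelled path is [100, 1000] and without it [1000], so in this model the rule order alone does not block the SYN; any difference in real behaviour has to come from what natd does to the diverted packet, which the model deliberately leaves out.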
