Re: multihome box: why ssh over only one interface?

---

• From: "sean darcy" <seandarcy2@xxxxxxxxx>
• Date: Tue, 25 Nov 2008 19:05:14 -0500

---

Thanks for the suggestions. I'm pretty certain sshd should be
listening on all the interfaces:

ListenAddress is not set in sshd_config since the default is all ( right?):

sshd[29394]: debug1: Bind to port 22 on 0.0.0.0.
sshd[29394]: Server listening on 0.0.0.0 port 22.
sshd[29394]: debug1: Bind to port 22 on ::.
sshd[29394]: Server listening on :: port 22.

netstat -an | grep ':22 ' | grep LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN
tcp 0 0 :::22 :::*
LISTEN

Which leaves routing issues. I am puzzled why sshd doesn't see/show
the incoming packets even at debug3. I can understand how it couldn't
complete authentication if the routing was messed up, but should it
see the incoming packets. Oh, well...

I reset sysctl.conf:

/etc/sysctl.conf:
net.ipv4.conf.default.rp_filter = 0

Now eth0 is the default gateway. And I'd like to leave it that way.
The eth3 interface is meant just for voip. But I'd also like to be
able to use ssh on both external interfaces.

ip rule add from <eth3's ip address>/32 table 128 priority 128

That worked, or at least didn't give any error, which puzzled me since
I didn't set up table 128.

But the next part was tougher:

ip route add default via <eth3's default gateway ip> table 128

eth3 is a verizon dsl line, that has a gateway of 10.32.173.xxx, which
isn't in the same net as my ip address 173.x.y.z. After some messing
around I set

route add -net 10.32.0.0 netmask 255.255.0.0 dev eth3

then

ip route add default via <eth3's default gateway ip> table 128

that worked.

And now I can ssh into both addresses. Stunned, but thankful and pleased.

Thanks for all the help.

sean

---

• References:
  • multihome box: why ssh over only one interface?
    • From: sean darcy
  • Re: multihome box: why ssh over only one interface?
    • From: Orlin Gueorguiev

• Prev by Date: Re: making telnet secure
• Next by Date: ssh error krb5 LINUX openssh
• Previous by thread: Re: multihome box: why ssh over only one interface?
• Next by thread: Re: multihome box: why ssh over only one interface?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Routing Problem ... If you have multiple interfaces and you configure a default gateway for each ... FreeBSD's routing table at any one time for default route traffic, ... In FreeBSD, you can manually configure the routing table for the individual ... (freebsd-questions) Re: Maybe useful if you use a laptop for web dev... ... >>> I never could make DNS and Apache work if I had it setup to localhost. ... >>> machines on he network DNS queries failed. ... >> interfaces as they get addresses, and stop listening on interfaces as they ... (uk.comp.sys.mac) Re: ISA2004 - multiple external interfaces ... Tom and Deb Shinder's Configuring ISA Server 2004 ... MVP -- ISA Firewalls ... Firewalls need at least two interfaces -- put a second NIC in that ISA ... (IE - the default gateway). ... (microsoft.public.isa) Re: Dynamic DNS ... if we make one of the interfaces of the server2 to get dynamic IP ... > This is why I suggest the customer to use static IP on the gateway. ... >>> How to dynamically register a certain interface? ... (microsoft.public.windows.server.dns) RE: Using Fedora as firewall. ... configuring two network interfaces. ... This sounds like you specified a default gateway on the eth1 interface. ... network interfaces. ... Just make sure you edit the eth1 config and make ... (Fedora)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)