Re: ssh to NATed box fails
On the following setup:
Local end                            Remote end
Local box:ppp0-----------------------ppp0:NAT box:eth0---Other boxes
From the local end, I can ping the remote end OK, but I cannot ssh to it:
ssh fails with "ssh_exchange_identification: Connection closed by remote
host". Outgoing connections from the remote end work fine, though.
I suspect that this is because I omitted to set up an iptables rule on the
It does sound that you do need to set up port forwarding because without it,
you won't be able to SSH to any of the internal machines. With regards
to the debug from the client, I am not sure if this output reflects a
connection to a server which has hosts.deny configured or not. Perhaps
someone else can verify this.
I did try to set this up, but only have one Linux box (didn't think
putting 127.0.0.1 into hosts.deny was such a good idea). :D
What I would do in this case is, rather than forwarding port 22 to port
22 on an internal host, forward, say, 10001 to internalhost1, 10002 to
internalhost2 etc. as required instead. Then leave 22 open for
connections to the box itself or block it off completely with an
At least then a script kiddie won't simply find port 22 open and start to
brute-force your ssh password. He has to scan higher than normal to find
your SSH which he/she is less likely to do.
(am I asking for a flaming here??) ;)
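
Added example (not part of the original post): the high-port mapping suggested above, written as a small shell generator that prints the iptables rules for review instead of applying them. The ppp0/eth0 names come from the diagram; the internal addresses are constructed sample values, and it assumes forwarding from eth0 out via ppp0 already works, as the post says outgoing connections do.

```shell
#!/bin/sh
# Added example: print iptables rules that map high external ports to SSH
# (port 22) on internal hosts behind the NAT box.
WAN_IF=ppp0   # interface facing the local end (from the diagram)
LAN_IF=eth0   # interface facing the other boxes (from the diagram)

# Constructed mapping: "<external port> <internal IPv4 address>" per line.
SAMPLE_MAP='10001 192.168.1.11
10002 192.168.1.12'

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_ssh_forward_rules: read the mapping on stdin and print one DNAT rule
# and one FORWARD rule per entry. Returns non-zero on the first bad entry.
emit_ssh_forward_rules() {
    while read -r port host; do
        [ -n "$port" ] || continue
        case "$port" in
            *[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        # Low ports, including 22, stay reserved for the NAT box itself.
        if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        valid_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $port -j DNAT --to-destination $host:22"
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $host --dport 22 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    done
}

# Print the rules for review; pipe the output to "sh" as root to apply them.
printf '%s\n' "$SAMPLE_MAP" | emit_ssh_forward_rules
```

The FORWARD rule matches port 22 rather than the external port because DNAT in PREROUTING has already rewritten the destination by the time the filter table sees the packet.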