
Re: ssh to NATed box fails

Pigeon wrote:

On the following setup:

       Local end                                         Remote end
	                  Internet                            LAN
	Local box:ppp0-----------------------ppp0:NAT box:eth0---Other boxes
From the local end, I can ping the remote end OK, but I cannot ssh to it:
ssh fails with "ssh_exchange_identification: Connection closed by remote
host". Outgoing connections from the remote end work fine, though.

I suspect that this is because I omitted to set up an iptables rule on the


It does sound as though you do need to set up port forwarding, because without it you won't be able to SSH to any of the internal machines. With regards to the debug output from the client, I am not sure if this output reflects a connection to a server which has hosts.deny configured or not. Perhaps someone else can verify this. I did try to set this up, but only have one Linux box (didn't think putting it into hosts.deny was such a good idea). :D

What I would do in this case is, rather than forwarding port 22 to port 22 on an internal host, forward, say, 10001 to internalhost1, 10002 to internalhost2, etc. as required instead. Then leave 22 open for connections to the box itself, or block it off completely with an iptables rule.

At least then a script kiddy won't simply find port 22 open and start to brute-force your SSH password. He has to scan higher than normal to find your SSH, which he/she is less likely to do.

(am I asking for a flaming here??) ;)


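As an added illustration of the layout the reply suggests (this is not code from the thread or from either poster), the script below generates the iptables rules for a NAT box whose Internet interface is ppp0: each high external port is DNATed to port 22 on one LAN host, the FORWARD chain is opened for just that translated flow, and port 22 on the external interface is dropped so the NAT box itself is not reachable on the default port. The interface name, the 192.168.1.x addresses and the port-to-host list are constructed assumptions. The script only prints the rules so they can be reviewed; pipe its output to sh as root to apply them. Note that moving SSH off port 22 only reduces scanner noise; the forwarded hosts still need their own hardening (key-only authentication, hosts.deny or a local firewall).

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed names: ppp0 is the NAT
# box's Internet interface, 192.168.1.x are LAN hosts (constructed sample data).

EXT_IF=ppp0

# External port -> internal host (SSH on port 22), one mapping per line.
SSH_FORWARDS="10001 192.168.1.11
10002 192.168.1.12"

# Print the two rules for one mapping: DNAT the incoming external port to
# host:22, then allow that translated packet through the FORWARD chain.
forward_rule() {
    ext_port=$1
    host=$2
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s:22\n' \
        "$EXT_IF" "$ext_port" "$host"
    printf 'iptables -A FORWARD -i %s -p tcp -d %s --dport 22 -j ACCEPT\n' \
        "$EXT_IF" "$host"
}

# Print every forwarding rule, followed by the rule that drops port 22 on the
# external interface so the NAT box is not exposed on the well-known port.
generate_rules() {
    echo "$SSH_FORWARDS" | while read -r port host; do
        [ -z "$port" ] || forward_rule "$port" "$host"
    done
    printf 'iptables -A INPUT -i %s -p tcp --dport 22 -j DROP\n' "$EXT_IF"
}

# Review first; apply with:  generate_rules | sh   (as root on the NAT box)
generate_rules
```

The FORWARD rule matches on the post-DNAT destination, which is what the filter table sees after PREROUTING has rewritten the packet; return traffic is handled by connection tracking, so no reverse rule is needed as long as the LAN hosts route back through the NAT box.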