Re: ssh to NATed box fails
On Thu, Jan 01, 2004 at 07:30:39PM +0000, Pigeon wrote:
> On the following setup:
>    Local end                             Remote end
>                      Internet                         LAN
> Local box:ppp0-----------------------ppp0:NAT box:eth0---Other boxes
> From the local end, I can ping the remote end OK, but I cannot ssh to it:
> ssh fails with "ssh_exchange_identification: Connection closed by remote
> host". Outgoing connections from the remote end work fine, though.
> I suspect that this is because I omitted to set up an iptables rule on the
> NAT box at the remote end to forward incoming connections on port 22 to one
> of the "other boxes", and therefore my only recourse is to physically go to
> the remote end and set up such a rule - inconvenient and expensive! Or else
> I've got /etc/hosts.deny at the remote end blocking non-local hosts.
No, your -vvv log shows that the client established a connection with
Perhaps the remote end is configured with 'ALL: PARANOID' in hosts.deny,
and your reverse DNS is wrong? That's a common cause of ssh connections
failing in the manner you describe, since tcp-wrappers checks happen at
about that stage.
Colin Watson [email@example.com]
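
An added diagnostic sketch, not part of the message above: it models the name/address consistency test that hosts_access(5) describes for the PARANOID wildcard, plus a simplified scan of hosts.deny for such a rule. The DNS tables, addresses and hosts.deny text are constructed samples; hosts.allow precedence and bracketed IPv6 patterns are deliberately ignored.

```python
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; None if the address has no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Addresses the name resolves to; empty set if the lookup fails."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def classify(ip, reverse=system_reverse, forward=system_forward):
    """'ok', 'unknown' (no PTR) or 'paranoid' (PTR name does not map back)."""
    name = reverse(ip)
    if not name:
        return "unknown"
    return "ok" if ip in forward(name) else "paranoid"

def paranoid_rule_applies(hosts_deny_text, daemon="sshd"):
    """True if a 'daemons : clients' rule lists PARANOID for this daemon."""
    for raw in hosts_deny_text.splitlines():
        parts = [p.strip() for p in raw.split("#", 1)[0].split(":")]
        if len(parts) < 2:
            continue
        daemons = parts[0].replace(",", " ").split()
        clients = parts[1].replace(",", " ").split()
        if "PARANOID" in clients and ("ALL" in daemons or daemon in daemons):
            return True
    return False

# Constructed sample data (documentation addresses, not from the thread).
PTR = {"192.0.2.10": "dialup-10.example.net", "192.0.2.20": "good.example.net"}
FWD = {"dialup-10.example.net": {"192.0.2.99"}, "good.example.net": {"192.0.2.20"}}
HOSTS_DENY = "# constructed hosts.deny\nALL: PARANOID\n"

def would_be_refused(ip):
    """Combine both checks using the constructed tables above."""
    state = classify(ip, PTR.get, lambda n: FWD.get(n, set()))
    return paranoid_rule_applies(HOSTS_DENY) and state == "paranoid"

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(addr, classify(addr, PTR.get, lambda n: FWD.get(n, set())), would_be_refused(addr))
```

Calling `classify(ip)` with no resolver arguments runs the same test against the system resolver for a real client address.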