[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh to NATed box fails



On Thu, Jan 01, 2004 at 10:02:36PM +0000, Colin Watson wrote:
> On Thu, Jan 01, 2004 at 07:30:39PM +0000, Pigeon wrote:
> > On the following setup:
> > 
> >         Local end                                         Remote end
> > 	                  Internet                            LAN
> > 	Local box:ppp0-----------------------ppp0:NAT box:eth0---Other boxes
> > 	
> > From the local end, I can ping the remote end OK, but I cannot ssh to it:
> > ssh fails with "ssh_exchange_identification: Connection closed by remote
> > host". Outgoing connections from the remote end work fine, though.
> 
> Perhaps the remote end is configured with 'ALL: PARANOID' in hosts.deny,

Can't check without going there :-) but I'm fairly sure this is the case,
from memory.

> and your reverse DNS is wrong? That's a common cause of ssh connections
> failing in the manner you describe, since tcp-wrappers checks happen at
> about that stage.

Ah yes, reverse DNS is wrong - on the local end I get:

pigeon@droitwichbox:~$ hostname
droitwichbox.dyndns.org
pigeon@droitwichbox:~$ host droitwichbox.dyndns.org
droitwichbox.dyndns.org has address 195.40.200.248
pigeon@droitwichbox:~$ host 195.40.200.248
248.200.40.195.in-addr.arpa domain name pointer tnt-5-248.easynet.co.uk.
pigeon@droitwichbox:~$ 

...so it looks like I need to temporarily reconfigure the local end's
hostname according to the above result, and try again the next time the
remote end comes online (it's not on all the time, it has crontab entries to
connect/disconnect at certain times).

Excellent, thanks!

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F

Attachment: pgp7XMlCs8lDR.pgp
Description: PGP signature


Reply to: