On Sep 12, 2006, at 11:09 PM, Stewart Stremler wrote:
> So this is just SSH reporting a bogus error message (or passing one on)? I would have expected "No response from host" for a DROP, not a "No route to host". But, of course, I didn't set up a little test subnet to try it out. I assumed -- there's that word again -- that error messages would give an indication as to the actual problem.
No, it's just that nobody seems to report a useful error message when a connection is reset with "icmp-host-prohibited". I.e., if the packet is dropped with:

    iptables -A INPUT -m tcp -p tcp --dport 22 \
        -j REJECT --reject-with icmp-host-prohibited

SSH will tell you "no route to host" even if you can ping and access other (allowed) services on selfsame host.
Gregory -- Gregory K. Ruiz-Ade <[EMAIL PROTECTED]> OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
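
Added example, not part of the original message: a small Python helper that maps the errno from a failed TCP connect() back to the firewall actions that could have produced it, which is the ambiguity described above. The names REJECT_TO_ERRNO, candidate_causes and probe are made up for this example, and the table assumes a Linux client (it follows the Linux kernel's conversion of ICMP unreachable codes to errno values).

```python
import errno
import socket

# iptables REJECT --reject-with option -> errno a Linux client's connect() returns.
# ICMP rows are destination-unreachable (type 3) codes as converted by the kernel.
REJECT_TO_ERRNO = {
    "icmp-net-unreachable": errno.ENETUNREACH,    # code 0
    "icmp-host-unreachable": errno.EHOSTUNREACH,  # code 1
    "icmp-proto-unreachable": errno.ENOPROTOOPT,  # code 2
    "icmp-port-unreachable": errno.ECONNREFUSED,  # code 3 (REJECT default)
    "icmp-net-prohibited": errno.ENETUNREACH,     # code 9
    "icmp-host-prohibited": errno.EHOSTUNREACH,   # code 10
    "icmp-admin-prohibited": errno.EHOSTUNREACH,  # code 13
    "tcp-reset": errno.ECONNREFUSED,              # TCP RST instead of ICMP
}

def candidate_causes(err):
    """Return every cause consistent with a given connect() errno."""
    causes = sorted("REJECT --reject-with " + opt
                    for opt, code in REJECT_TO_ERRNO.items() if code == err)
    if err == errno.ETIMEDOUT:
        causes.append("DROP (no reply at all)")
    if err == errno.ECONNREFUSED:
        causes.append("no listener on the port")
    if err in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        causes.append("genuine routing or ARP failure")
    return causes

def probe(host, port, timeout=5.0):
    """Attempt a TCP connect; return (errno or 0, candidate causes)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return 0, ["connection accepted"]
    except socket.timeout:
        # A silent DROP shows up as a timeout, not as an ICMP-derived errno.
        return errno.ETIMEDOUT, candidate_causes(errno.ETIMEDOUT)
    except OSError as e:
        return e.errno, candidate_causes(e.errno)
    finally:
        s.close()

if __name__ == "__main__":
    import sys
    code, causes = probe(sys.argv[1], int(sys.argv[2]))
    print(errno.errorcode.get(code, code), causes)
```

Run it as "python3 probe.py <address> 22" from the client side; an EHOSTUNREACH result lists the prohibited-style REJECT rules alongside a real routing failure, so checking whether ping and other ports on the same host still answer is what separates the two.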
