On Sat, Oct 14, 2000 at 07:58:35AM -0700, Jag wrote:
> On Fri, 13 Oct 2000, Whit wrote:
>
> > Just installed openssh 2.2.0p1 and discovered that while it works from the
> > router, it does not work from behind the masquerade. Now the FAQ says ssh
> > should work from behind the masq with no extra steps - but presumably that's
> > the commercial product? Has anyone gotten openssh to work with masquerading?
>
> Yes, I'm using openssh from behind ipmasq at the moment to connect to
> this shell where I read all my email. All I did was install the openssh
> client and go.
>
> The ssh protocol (versions 1 and 2) is set up so that everything is
> done over one tcp connection (unlike things like ftp); this allows the
> client to connect from behind the ipmasq and everything works like
> clockwork. If ssh isn't working from behind ipmasq, your masq setup
> might have problems. Can you surf the web from this same machine? If
> you can surf the web, you should also be able to ssh out. What's the
> error message you get when you try to ssh out from behind ipmasq?

Curious. Thanks for your report.

From my masqued machine not only can I surf the Web, but all the other
typical stuff - this setup has worked well for a couple of years. There's
no error message or log entry, openssh just hangs indefinitely. And as I
say, from my server openssh works quite well. Running with

    ssh -v site.com

they both show the same lines up through port allocation. It's just that
only the server connects to the remote site, while the masqued machine
hangs forever without getting to "connection established."

Both installations I built from the tar. The masqued machine is based on
Redhat 6.0 while the server is based on Redhat 6.1 - but the masqued
machine does fine with an ssh connection to the local server.
Both these machines as well as the remote (based on Redhat 6.2) are
running openssh 2.2.0p1. All have 2.2.17 kernels.

My masquerading configuration is pretty standard:

    ipchains --masquerading \
             --set 300 5 60

    ipchains --append forward \
             --jump MASQ \
             --source $InternalNetwork \
             --destination $Anywhere

    ipchains --append forward \
             --jump DENY \
             --source $Anywhere \
             --destination $Anywhere -l

\/\/ I-I I T
Blauvelt
[EMAIL PROTECTED]

_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
