no,

i have 2 "real" ips :)

answer was ok, and i got the problem myself.

i configured eth0 as firewall, blocking nearly all requests, and
outgoing too. i started up a 2nd interface and now, openssh tried to get
out and then automatically took eth1 as outgoing interface coz it
was "open".


greeting and thank you for help my friends. :)



-andy

--------------------------------------------------------------------------------
 andreas sartori                                        hellbrunnerstrasse 34
 Datenbankadministration & unix support                 5020 salzburg, austria
 zid - universitaet salzburg                            tel: +43 (662) 8044-6731
 http://www.sbg.ac.at/zid/people/sartori/sartori.htm    fax: +43 (662) 629842
--------------------------------------------------------------------------------

On Mon, 27 Nov 2000, Jack McKinney wrote:

> Big Brother tells me that Roeland Meyer wrote:
> > Use static routes.
> > 
> 
>     I think you misunderstood his problem.  If he means what I think he
> means, then I am interested in the answer also.
> 
>     Suppose you have a linux box with two ethernet cards acting as a
> firewall.  Specifically, eth0 connects to the outside world and has
> a 'real' IP, but eth1 points to the internal network and has a
> reserved address such as 192.168.1.1.
>     We aren't doing any Masquerading/NAT here.  Instead, the firewall
> is running a proxy web server and a mail server.  Internal people get
> their mail from and send their mail to the firewall, and the firewall
> forwards mail out, etc., etc.  NO routing between the networks.
>     Suppose that I login to the firewall and want to ssh out to some
> other machine out in the real world.  If ssh decides to bind() to
> 192.168.1.1 for the local end of the socket, then the connection to
> the outside world will fail.
>     This is exactly the situation that I may find myself in fairly soon,
> and it is a problem with MANY applications which just bind() to IPADDR_ANY
> (or whatever it's called; I forget), leaving it up to the OS to pick an
> IP on a multi-homed system.  With servers, like sshd, one can force it
> to listen() on a specific IP.  With clients, though, the IP it needs to
> bind() locally may depend on the remote IP...
> 
> --
> "There is no parameter that makes it impossible        Jack McKinney
>      for you to perform still more excellently."       [EMAIL PROTECTED]
>    -Mario Cuomo, on the lack of a clock in baseball    http://www.lorentz.com
> 1024D/D68F2C07 4096g/38AEF076
> 
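Added example, not part of the original thread: a C sketch of the two client-side options discussed above, asking the kernel which source address it would pick for a given destination when the socket is left at INADDR_ANY, and pinning the local end with bind() before connect(). The function names `kernel_source_for` and `tcp_socket_from` are hypothetical, and 127.0.0.1 is a constructed sample address so the code runs offline.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Which local IPv4 address would the kernel choose for dst_ip? connect() on
 * a UDP socket only does the route lookup; nothing is sent. 0 on success. */
int kernel_source_for(const char *dst_ip, char *out, socklen_t outlen)
{
    struct sockaddr_in dst = {0}, local = {0};
    socklen_t len = sizeof local;
    int rc = -1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    dst.sin_family = AF_INET;
    dst.sin_port = htons(22);   /* port does not affect the route lookup */
    if (inet_pton(AF_INET, dst_ip, &dst.sin_addr) == 1 &&
        connect(fd, (struct sockaddr *)&dst, sizeof dst) == 0 &&
        getsockname(fd, (struct sockaddr *)&local, &len) == 0 &&
        inet_ntop(AF_INET, &local.sin_addr, out, outlen) != NULL)
        rc = 0;
    close(fd);
    return rc;
}

/* TCP socket whose local end is pinned to src_ip (ephemeral port) before
 * connect(). Returns the fd, or -1 if src_ip is malformed or bind() fails. */
int tcp_socket_from(const char *src_ip)
{
    struct sockaddr_in src = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    src.sin_family = AF_INET;
    if (inet_pton(AF_INET, src_ip, &src.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&src, sizeof src) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char ip[INET_ADDRSTRLEN];
    if (kernel_source_for("127.0.0.1", ip, sizeof ip) == 0)
        printf("source for 127.0.0.1: %s\n", ip);
    return 0;
}
```

Current OpenSSH clients expose the same pinning through the `-b bind_address` option and the `BindAddress` setting in `ssh_config`.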
