Routing issue: I want to open SSH

15 pts.
Tags:
Cisco Routers
Cisco switches
Cisco VLAN
Network Configuration
Routers
SSH
Hi, I would like to get help. I have 2 computers:

Computer A with 1 network card: IP 172.19.3.22, DG 172.19.3.254
Computer B with 2 network cards: ETH0 IP 172.19.35.75, DG 172.19.35.254; ETH1 IP 10.0.0.2, DG 10.0.0.254

Between the computers I have a Cisco switch with 2 VLANs: VLAN 3 for computer A and VLAN 35 for computer B (ETH0). I want to open SSH from computer A to 10.0.0.2 (on ETH1 10.0.0.2 computer B). What would be the best way to do it?
ASKED: June 20, 2010  9:27 AM
UPDATED: June 29, 2010  6:46 PM

Answer Wiki


Are you able to ping 172.19.35.75 from 172.19.3.22 – i.e., do you have a route between VLANs?

If yes, then just "ssh 172.19.35.75" from 172.19.3.22 – anyway, you are not connecting to an interface (eth0, eth1) – but to a host (B) through any of its interfaces.

If not – set up a route between VLANs.

Regards,

Petko

Discuss This Question: 4  Replies

 
  • Tomoshik
    Hi Petka, Thanks for your help. Yes, I have ping to 172.19.35.75. Computer A and computer B (ETH0) are connected to the same switch and the routing is working well. But I missed a very important thing in my question: I want to open SSH to 10.0.0.3 (not 10.0.0.2), which is connected to computer B ETH1. Sorry for the misunderstanding.
  • petkoa
    Well, this is another issue. You have two easy options.

    The first is NAT on the Linux box - I assume that host B, the one with interfaces eth0 and eth1, is a Linux box. Then I assume that IP forwarding is activated and that there are no filter rules in the FORWARD chain which will disallow ssh traffic between networks. I'm not assuming that there are any NAT rules. These two commands:

        iptables -t nat -A POSTROUTING -s 10.0.0.3/32 -o eth0 -j SNAT --to-source 172.19.35.75
        iptables -t nat -A PREROUTING -d 172.19.35.75 -i eth0 -p tcp -m tcp --dport 10022 -j DNAT --to-destination 10.0.0.3:22

    will ensure (1) address translation of 10.0.0.3 outbound packets (omit the first command if you have a similar or more general rule in place); (2) forwarding of inbound packets to port 10022 (quite arbitrary - use any other free port) to port 22 on 10.0.0.3. Then:

        ssh -p 10022 172.19.35.75

    The second option is to use ssh port forwarding of sshd on host B - then you don't need NAT or, AFAIK, even activation of IP forwarding. You'd start with permitting port forwarding in the /etc/sshd_config on host B. Write - or uncomment, or modify - the following lines:

        AllowTcpForwarding yes
        GatewayPorts yes

    and restart the sshd. Then activate the port forwarding "tunnel" by issuing this from host A:

        ssh -f -L 10022:10.0.0.3:22 172.19.35.75 sleep 30

    This forwards local port 10022 (on A) to port 22 on 10.0.0.3 through sshd on 172.19.35.75... Then in the next 30 seconds - if you modify the "sleep 30" part, you can have some more time - start an ssh terminal on host A to 10.0.0.3:

        ssh -p 10022 127.0.0.1

    Though sleep will end after the time specified, the port forwarding ssh session to host B will not close until the ssh terminal session to 10.0.0.3 is up.

    Good luck,
    Petko
  • Tomoshik
    [...] Originally posted here:  Routing issue: I want to open SSH [...]
  • petkoa
    Hi Tomoshik, Did any of the suggestions work for you? Petko
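
An added example, not part of the original thread: a shell check of host B's sshd_config against the `ssh -L 10022:10.0.0.3:22` tunnel from the second option, reporting forwarding settings that are broader than that tunnel needs. The function names and the sample config are constructed here; it assumes OpenSSH semantics (first value read wins; defaults AllowTcpForwarding yes, GatewayPorts no, PermitOpen any) and reads only the global section before any Match block.

```sh
#!/bin/sh
# Added example (not from the thread): audit sshd_config forwarding settings.

# Print the effective value of keyword $2 in file $1, or default $3.
# sshd uses the first value it reads for a keyword and keywords are
# case-insensitive. Only the global section is read: scanning stops at the
# first Match block (a simplification of this example).
sshd_effective() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }                      # strip comments
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^ +/, ""); print tolower($0); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one finding per line for config file $1, judged against a
# client-side local forward (ssh -L) to 10.0.0.3:22.
audit_forwarding() {
    fwd=$(sshd_effective "$1" AllowTcpForwarding yes)
    gw=$(sshd_effective "$1" GatewayPorts no)
    open=$(sshd_effective "$1" PermitOpen any)
    case "$fwd" in
        no|remote) echo "BLOCKED: AllowTcpForwarding=$fwd refuses -L forwards" ;;
        local)     echo "OK: AllowTcpForwarding=local permits only -L forwards" ;;
        *)         echo "BROAD: AllowTcpForwarding=$fwd also permits -R forwards" ;;
    esac
    [ "$gw" = no ] || echo "BROAD: GatewayPorts=$gw lets -R listeners bind beyond loopback"
    case "$open" in
        any) echo "BROAD: no PermitOpen, clients may forward to any host:port" ;;
        *)   echo "OK: PermitOpen limits forward targets to $open" ;;
    esac
}

# Constructed sample: the two lines the thread sets on host B.
demo_cfg=$(mktemp)
printf '%s\n' '#AllowTcpForwarding no' 'AllowTcpForwarding yes' 'GatewayPorts yes' > "$demo_cfg"
audit_forwarding "$demo_cfg"
rm -f "$demo_cfg"
```

On a live host, `sshd -T` prints the effective configuration with Match handling applied; this example reads the file directly so that it runs offline.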
