15 pts.
 Routing issue: I want to open SSH
Hi,
I would like to get help,

I have 2 computers:
computer A with 1 network card, IP 172.19.3.22 DG 172.19.3.254
computer B with 2 network cards, ETH0 IP 172.19.35.75 DG 172.19.35.254
ETH1 IP 10.0.0.2 DG 10.0.0.254
Between the computers I have a Cisco switch with 2 VLANs,
VLAN 3 for computer A and VLAN 35 for computer B (ETH0).

I want to open SSH from computer A to 10.0.0.2 (on ETH1 10.0.0.2 computer B).

What would be the best way to do it?
ASKED: Jun 20, 2010  9:27 AM GMT
UPDATED: June 29, 2010  6:46:16 PM GMT
3,060 pts.

Answer Wiki:
Are you able to ping 172.19.35.75 from 172.19.3.22 - i.e., do you have a route between VLANs?

If yes, then just "ssh 172.19.35.75" from 172.19.3.22 - anyway, you are not connecting to an interface (eth0, eth1) - but to a host (B) through any of its interfaces.

If not - set up a route between VLANs.

Regards,

Petko
Last Wiki Answer Submitted:  Jun 21, 2010  8:48 PM (GMT)  by  Petkoa   3,060 pts.
Discuss This Question:

Hi Petko,
Thanks for your help.

Yes, I have ping to 172.19.35.75.
Computer A and computer B (ETH0) are connected to the same switch and the routing is working well.

But I missed a very important thing in my question:
I want to open SSH to 10.0.0.3 (not 10.0.0.2), which is connected to computer B's ETH1.

Sorry for the misunderstanding,

 15 pts.

 

Well, this is another issue.

You have two easy options. The first is NAT on the Linux box - I assume that host B, the one with interfaces eth0 and eth1, is a Linux box. Then I assume that IP forwarding is activated and that there are no filter rules in the FORWARD chain which will disallow ssh traffic between networks. I’m not assuming that there are any NAT rules. These two commands:

iptables -t nat -A POSTROUTING -s 10.0.0.3/32 -o eth0 -j SNAT --to-source 172.19.35.75
iptables -t nat -A PREROUTING -d 172.19.35.75 -i eth0 -p tcp -m tcp --dport 10022 -j DNAT --to-destination 10.0.0.3:22

will ensure (1) address translation of 10.0.0.3 outbound packets (omit the first command if you have a similar or more general rule in place); (2) forwarding of inbound packets to port 10022 (quite arbitrary - use any other free port) to port 22 on 10.0.0.3. Then

ssh -p 10022 172.19.35.75

The second option is to use ssh port forwarding of sshd on host B - then you don’t need NAT or, AFAIK, even activation of IP forwarding. You’d start by permitting port forwarding in the /etc/sshd_config on host B. Write - or uncomment, or modify - the following lines:

AllowTcpForwarding yes
GatewayPorts yes

and restart the sshd. Then activate the port forwarding “tunnel” by issuing this from host A:

ssh -f -L 10022:10.0.0.3:22 172.19.35.75 sleep 30

This forwards local port 10022 (on A) to port 22 on 10.0.0.3 through sshd on 172.19.35.75… Then in the next 30 seconds - if you modify the “sleep 30” part, you can have some more time - start an ssh terminal on host A to 10.0.0.3:

ssh -p 10022 127.0.0.1

Though sleep will end after the time specified, the port forwarding ssh session to host B will not close until the ssh terminal session to 10.0.0.3 is up.

Good luck,

Petko

 3,060 pts.
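
An added example, not part of Petko's post: a shell check that reads `iptables-save -t nat` output and lists DNAT rules with no `-s` source match, such as the PREROUTING rule above, which forwards port 10022 for any host that can reach eth0. The function name `audit_dnat`, the sample ruleset and the second rule's port 10023 are constructed for illustration; that second rule shows the same forward limited to computer A (172.19.3.22).

```shell
#!/bin/sh
# Added example: flag DNAT port-forwards that accept traffic from any source.
# Reads `iptables-save -t nat` format on stdin; prints one line per open rule.

audit_dnat() {
    awk '
    # Only appended rules that jump to DNAT are of interest.
    $1 == "-A" && /-j DNAT/ {
        src = ""; dport = ""; dest = ""; iface = ""
        for (i = 1; i < NF; i++) {
            # A negated source match (! -s) still admits almost everyone.
            if ($i == "-s") src = ($(i - 1) == "!") ? "" : $(i + 1)
            if ($i == "-i") iface = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--to-destination") dest = $(i + 1)
        }
        # No -s (or an explicit 0.0.0.0/0) means any host that can reach
        # the inbound interface is forwarded to the internal service.
        if (src == "" || src == "0.0.0.0/0")
            printf "OPEN chain=%s in=%s dport=%s -> %s\n", $2, iface, dport, dest
    }'
}

# Constructed sample in iptables-save format (not captured from a real host).
# Rule 1 is the forward from the answer; rule 2 limits it to computer A.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 172.19.35.75/32 -i eth0 -p tcp -m tcp --dport 10022 -j DNAT --to-destination 10.0.0.3:22
-A PREROUTING -s 172.19.3.22/32 -d 172.19.35.75/32 -i eth0 -p tcp -m tcp --dport 10023 -j DNAT --to-destination 10.0.0.3:22
-A POSTROUTING -s 10.0.0.3/32 -o eth0 -j SNAT --to-source 172.19.35.75
COMMIT
EOF
}

# On host B, as root, the live table would be checked with:
#   iptables-save -t nat | audit_dnat
sample_rules | audit_dnat
```

Only the unrestricted rule is reported; adding `-s 172.19.3.22` to the PREROUTING command from the answer makes it pass this check.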

 



 

Hi Tomoshik,

Did any of the suggestions work for you?

Petko

 3,060 pts.