Odd tcp dump? was: ssh working with dialup, not through router

Tom 'Needs A Hat' Mitchell mitch48 at sbcglobal.net
Sun May 16 01:33:21 UTC 2004 

On Sat, May 15, 2004 at 11:51:31PM +0200, M. Fioretti wrote:
> 
> still trying to track why ssh doesn't work anymore, see my original
> posting.

If dialup is ok and through a router is not 
you are most likely looking at a routing issue.
The dialup is getting setup via DHCP correctly
and something is missing in the other context.

Does ping interact with the far machine in both directions.
i.e. check "ping -R" and "traceroute" for strange things.

Are you using  RFC 1918, ...Private Internet numbers behind
the router?  Remember that these nets are not routeable!

    # When setting up a Win2K network using TCP/IP, you will have to use a
    # unique IP address for each machine.  The Internet Assigned Numbers
    # Authority (IANA) has set aside several ranges of IP numbers that can be
    # freely used over private networks (Internet routers will not route them).
    # Here are the IP address ranges that are designated private:
    # see RFC 1918, "Address Allocation for Private Internets"

    #10.0.0.0 - 10.255.255.255
    #172.16.0.0 - 172.31.255.255
    #192.168.0.0 - 192.168.255.255

If so to get out you may need to connect via a sox proxy at the
firewall/router as these nets are not routeable.  A dialup ppp can
give you a routed net number.  Getting into a RFC1918 net should not
be facilitated via routes except via a single NAT port mapping sort of
connection.

Can your ADSL router 192.168.1.1. act in NAT mode?  Router+RFC1918
addresses smell like a problem but perhaps the language is simply
being used in a fuzzy way.

Hand crafted host routes to fully qualified host name behind the
router may work (I have not tried this). i.e. your ADSL router has an
external address that is routed and an internal address that is not
routed. By connecting to the external address of the router (host
route) a one hop connection might be possible to hosts on the inside.

Host routes are painful for router software.  I expect that any host
route your ADSL router might publish would be dropped by your ISP.
But hand crafted routes might be possible.

Lastly make sure that DNS is correct, other have addressed this (pun intended).


-- 
	T o m  M i t c h e l l 
	/dev/null the ultimate in secure storage.

More information about the fedora-list mailing list