Way to debug incoming connection?

Posted by Romoku, 17th December 2010, 02:23

Hello,

It's been a long time since I've posted, and some nice guides have come around; however, I have found that I require more techniques as I dive deeper into the Linux world.

Problem:

I have a CentOS box running with two NICs: one has a public address, and the other has a router between it and the internet.

Well, I am trying to configure SSH on the box to go through the private address, let's say 192.168.10.205, instead of the public address.

I have set the router to port-forward public port 20522 to port 22 on the private side, and I set sshd_config to listen on 192.168.10.205.

When I connect with PuTTY to the router's external IP, port 20522, PuTTY throws a timeout. I do not really have a clue as to how to debug this problem with my experience.

I have read up on adding multiple static routes to my different subnets, but it seems confusing and I do not know if it is appropriate. SSH works on the public address, but not on the private address + port forward.

I will keep looking into it and post results if I figure it out on my own.

Thanks,


Romoku

edit:

I have found the <theoretical> problem. I need to set up source-based routing for eth0 and eth1 so that they return their packets back the way they came. Google isn't very helpful in my queries, but I will keep looking.

ALRIGHT, I figured out the solution in a timely manner.

From: This dude.

Basically, one needs to use iproute2 in order to allow traffic shaping. It could probably be done with iptables, but I know nothing and you can have fun with that.

<Generalization starts now>

iproute2 contains tables, which can be checked using ip rule.

You will probably want separate tables for each device.

Start by editing /etc/iproute2/rt_tables:

#nano /etc/iproute2/rt_tables

Now add two new tables to the bottom of the file. It looks roughly like this:

#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#
#1 inr.ruhep


now add:

#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#
#1 inr.ruhep
1 WAN1
2 LAN1


Now save and we have some tables.

The next step is to actually ADD something to the tables. I will use yyy.yyy.yyy.yyy as an example for the WAN and xxx.xxx.xxx.xxx for the LAN.
For this part, yyy.yyy.yyy.yyy and xxx.xxx.xxx.xxx should be the GATEWAY the interface is connected to. I do not know whether to create a new table for eth0:0 or VLAN-type setups. Will append later.

from the terminal:

#ip route add default via yyy.yyy.yyy.yyy dev eth0 tab 1
#ip route add default via xxx.xxx.xxx.xxx dev eth1 tab 2


Now check the tables.

#ip route show table 1
default via yyy.yyy.yyy.yyy dev eth0

#ip route show table 2
default via xxx.xxx.xxx.xxx dev eth1


Everything should be shiny, and now we need RULES.
yyy.yyy.yyy.yyy/ww and xxx.xxx.xxx.xxx/zz should be the IP ADDRESSES assigned to the interfaces eth0 and eth1, while ww and zz are the subnet masks in CIDR notation, e.g. 192.168.0.100/24.
tl;dr yyy.yyy.yyy.yyy/ww = 192.168.0.100/24 in CIDR notation; yyy.yyy.yyy.yyy is the IP ADDRESS of the interface.

type in the terminal:

#ip rule add from yyy.yyy.yyy.yyy/ww tab 1 priority 500
#ip rule add from xxx.xxx.xxx.xxx/zz tab 2 priority 600

Another e.g. just to get the point across:
#ip rule add from 192.168.0.100/24 tab 1 priority 500

Now we check to make sure the rules are added:

#ip rule show
0: from all lookup local
500: from yyy.yyy.yyy.yyy lookup WAN1
600: from xxx.xxx.xxx.xxx lookup LAN1
32766: from all lookup main
32767: from all lookup 253


We are almost done:

#ip route flush cache

Now we should be done. I have run into a problem. (nvm) The changes do not stay, and I will figure out a way to keep the changes saved. (/nvm)

edit:

Alright, to make the changes permanent, we must edit /etc/rc.d/rc.local:

#nano /etc/rc.d/rc.local

Append the following

ip route add default via yyy.yyy.yyy.yyy dev eth0 tab 1 #GATEWAY 1
ip route add default via xxx.xxx.xxx.xxx dev eth1 tab 2 #GATEWAY 2
ip rule add from yyy.yyy.yyy.yyy/ww tab 1 priority 500 #IP ADDRESS 1
ip rule add from xxx.xxx.xxx.xxx/zz tab 2 priority 600 #IP ADDRESS 2


to the BOTTOM of the file. We are done.

In conclusion: This is why we cannot have nice things.

tl;dr I know nothing.


-Romoku

Last edited by Romoku; 17th December 2010 at 04:52.
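The whole procedure from the post, as an added example script that is not code from the original post or from HowtoForge. It does the same thing (one table and one "from" rule per interface, then a cache flush) but is safe to re-run, and it adds the check the post never shows: asking the kernel with ip route get which gateway a reply sourced from each address will actually take. One deliberate difference: the rules key on each interface's own host address (/32) rather than on the whole subnet, because a subnet-wide "from" rule also catches traffic the box forwards for its neighbours. Interface names (eth0/eth1), addresses and gateways are hypothetical placeholders; DRY_RUN=1 only prints the commands, so the plan can be reviewed on a machine without root or these interfaces.

```shell
#!/bin/sh
# Added example (not from the original post): source-based routing for a
# dual-homed host, done idempotently, so a reply leaves through the interface
# that received the request. All names, addresses and gateways below are
# hypothetical placeholders; adjust them to the real box.
set -eu

WAN_IF=eth0; WAN_IP=203.0.113.10;   WAN_GW=203.0.113.1;  WAN_TABLE=1; WAN_PRIO=500
LAN_IF=eth1; LAN_IP=192.168.10.205; LAN_GW=192.168.10.1; LAN_TABLE=2; LAN_PRIO=600

# Execute a command, or only print it when DRY_RUN=1, so the plan can be
# reviewed on a machine that has neither root nor these interfaces.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One routing table and one rule per interface. The rule keys on the
# interface's own address (/32), not its subnet: a subnet-wide 'from' rule
# would also steer forwarded traffic from neighbouring hosts into this table.
setup_iface() {
    ifc=$1; ip=$2; gw=$3; table=$4; prio=$5
    # 'replace' rather than 'add', so a second run does not fail with
    # "RTNETLINK answers: File exists".
    run ip route replace default via "$gw" dev "$ifc" table "$table"
    # ip rule has no 'replace'; drop any existing copies, then add exactly one.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        run ip rule del from "$ip/32" table "$table" priority "$prio"
    else
        while ip rule del from "$ip/32" table "$table" priority "$prio" 2>/dev/null; do :; done
    fi
    run ip rule add from "$ip/32" table "$table" priority "$prio"
}

setup_all() {
    setup_iface "$WAN_IF" "$WAN_IP" "$WAN_GW" "$WAN_TABLE" "$WAN_PRIO"
    setup_iface "$LAN_IF" "$LAN_IP" "$LAN_GW" "$LAN_TABLE" "$LAN_PRIO"
    run ip route flush cache
}

# Ask the kernel which gateway a packet sourced from each local address takes.
# Expected: 'via 203.0.113.1 dev eth0' for WAN_IP and 'via 192.168.10.1 dev
# eth1' for LAN_IP. Any off-link destination will do for the lookup.
verify() {
    dst=${1:-198.51.100.1}
    run ip route get "$dst" from "$WAN_IP"
    run ip route get "$dst" from "$LAN_IP"
    run ip rule show
}

case "${1:-}" in
    plan)  DRY_RUN=1; setup_all ;;
    apply) setup_all; verify ;;
    *)     echo "usage: $0 plan|apply" >&2 ;;
esac
```

Run it as "sh setup-policy-routing.sh plan" first, then "apply" as root. The reason this fixes the PuTTY timeout from the post is that sshd is bound to 192.168.10.205 only, so every reply it sends carries that source address, and the "from 192.168.10.205" rule sends those replies to table 2 and out through the router instead of the public NIC. If connections still time out after this, check net.ipv4.conf.all.rp_filter: strict reverse-path filtering drops an incoming packet when the kernel would route the reply out a different interface, which is exactly the state this box was in before the rules existed. For persistence, the rc.local approach from the post works; on CentOS the equivalent is to put the same lines (without the leading "ip route"/"ip rule") into /etc/sysconfig/network-scripts/route-eth1 and rule-eth1 so ifup applies them when the interface comes up.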