> What does your firewall rule look like for SSH?
> 
No firewall rules yet, just straight NAT:

map 172.16.2.0  172.16.2.255  204.254.188.0

I'm trying to get everything working before I apply any filter rules. 
At present there is only the one host and a router (NAT) box with all 
ports open in both directions.

Could the problem be with the ssh host itself? It thinks it has a 
172.xxx address. If it delivers that to the sshd on the other end, no 
connection will ever be made.  The hosts file contains only the 
native address, not the public one. Could this be a problem?

Michael

> It should look something like this, but I do remember something
> about someone needing to set it to 1021 or higher.
> 
> Try this and see if it helps:
> out = port 22 (sshd receives connections)
> in = port 1021 or higher (ssh clients receive responses)
> 
> If you don't mind, let me know what happens.
> 
> Thanks,
> 
> -Anne
> 
> At 12:56 PM 9/16/99 -0800, Michael wrote:
> >I've used ssh 1.2.xx for several years now on multiple sites.
> >I have my very first site which is behind a firewall that uses NAT.
> >I can ssh into the host at that site without difficulty, but cannot 
> >ssh OUT from the host behind the NAT translator.
> >
> >Here is the response from the sshd daemon on the other end:
> >
> >gins2:~# ssh -v gins1
> >SSH Version 1.2.26 [i686-unknown-linux], protocol version 1.5.
> >Standard version.  Does not use RSAREF.
> >gins2: Reading configuration data /etc/ssh_config
> >gins2: ssh_connect: getuid 0 geteuid 0 anon 0
> >gins2: Connecting to gins1 [172.16.1.2] port 22.
> >gins2: Allocated local port 1023.
> >gins2: connect: Connection refused
> >gins2: Connecting to gins1 [63.76.112.2] port 22.
> >gins2: Allocated local port 1023.
> >gins2: connect: Connection refused
> >gins2: Trying again...
> >Secure connection to gins1 refused; reverting to insecure method.
> >Using rsh.  WARNING: Connection will not be encrypted.
> >etc.....
> >
> >The ssh_config and sshd_config files are identical on the two 
> >machines and on machines at other sites that can successfully connect 
> >to both of the hosts above (gins1, gins2). The difficulty appears to 
> >be with the client machine going out through NAT and receiving the 
> >connection back.
> >
> >Any clues??
> >
> >Michael
> >[EMAIL PROTECTED]
> >
> >
> --
> Anne Carasik
> SSH Communications Security Inc.
> Mountain View, California
> Email: [EMAIL PROTECTED], [EMAIL PROTECTED]
> #include <standarddisclaimer.h>
> 
