Trying to get SSH working between different networks [ RESOLVED ]

2

I need to use ssh between two machines in different networks. I think I have done everything right, but obviously not. So I need some help.

The network has the following schema:

Internet
     |
     |
   ROUTER/SWITCH  ( Zyxel P-660HW-D1 )
     |            |-> public ip xxx.xxx.xxx.xxx ( does not mean)
     |            |-> lan ip 192.168.1.1/240 (28)
     |
     |
     |
     |---------- Centos Server 
     |            |-> lan ip 192.168.1.3/255.255.255.240
     |            |-> iptables tuned to accept ssh from 192.168.0.0/29 on port 5119
     |
     |
    NEUTRAL ROUTER/SWITCH (Linksys WRT54GL ) Corporate network
         |        |-> public ip 192.168.1.2  
         |        |-> lan ip's 192.168.0.1/255.255.255.248 (29)
         |
         |
    |------------|
    |   PC-1     |------------> I am here
    |------------|   |
                     |-> ip 192.168.0.6

I am connected to PC-1 from the WAN. Having read about the routers, I have made the following changes:

Linksys WRT54GL

    * Under advanced routing tab, created a new route with the following settings:

       Destination Lan IP 192.168.1.3
       Subnet Mask 255.255.255.248
       Default gateway 192.168.1.1
       Interface: WAN

Zyxel P-660HW-D1

    * Under telnet, configure a new filter with the following settings:
       Filter TCP/IP rule
       Ip source route NO
       Destination
          Ip addr: 0.0.0.0
          ip netmask 255.255.255.240
          Port #= 5119
          Port # Comp = Equal
        Source
          Ip addr: 0.0.0.0
          ip netmask 255.255.255.248
          Port #= 5119
          Port # Comp = Equal            
        TCP Estab = Yes

There is no firewall or other software issues.

I am trying to connect to the CentOS server from PC-1 using the IP 192.168.1.3, but I can't.

Can you tell me what is wrong?

[RESOLVED] The issue was that the Linksys route was not pointing to the other router's public IP.

So, this is the correct configuration:

Linksys WRT54GL

    * Under advanced routing tab, created a new route with the following settings:

       ...
       Default gateway  192.168.1.2
       ...

ppk

Posted 2012-09-11T22:57:43.467

Reputation: 123

Answers

0

The CentOS server probably doesn't know the route to the 192.168.0/24 network. Most likely it has the Zyxel P-660HW-D1 as its default gateway and no other knowledge of the other LAN segment. You can confirm this using netstat -nr on the CentOS server.

  • Add a static route (route add) on the CentOS server, or
  • Configure the route in the Zyxel P-660HW-D1 (It should then do ICMP redirects)

The answer is based on this topology (I've simplified the subnetting for clarity):

( Internet )
     |
+----+----------+ 
| [ADSL modem]  |
|    |          |
| [Router]      | Zyxel
|    |     .1   |                                     \
| [Switch]      |                                     |
+--OOOO---------+                  +------------+     | 
   | |                          .3 |            |     |
   | `-----------------------------o            |     > 192.168.1.x Subnet
   |                               |            |     |
   |                               +------------+     |
   |                                   Server         |
+--O------------+ Linksys                             |
|  |       1.2  |                                     /
| [Router]      |
|    |     0.1  |
| [Switch]      |                                     \
+--OOOO---------+                                     |
    |                             +------------+      |
    |                         .6  |            |      |
    `-----------------------------o            |      > 192.168.0.x Subnet
                                  |            |      |
                                  +------------+      |
                                        PC            |
                                                      /

In IP terms (ignoring irrelevant low level Ethernet stuff) that is identical to

         .................
         .  Internet     .
         .               .
         .               .
         .  +----o----+  .
         ...|.........|...
            | Router  |
         ...|.........|.......................
         .  +----o----+       subnet 1       .
         .                                   .
         .                   +-------+       .
         .                   o Server|       .
         .                   +-------+       .
         .  +----o----+                      .
         ...|.........|.......................
            | Router  |
         ...|.........|.......................
         .  +----o----+       subnet 0       .
         .                                   .
         .                   +-------+       .
         .                   o PC    |       .
         .                   +-------+       .
         .....................................

Server needs to know there are two routers (not just one default).
Server needs to know what places each router leads to.

The server on 192.168.1.x needs to know that traffic for 192.168.0.x has to be directed to 192.168.1.2 (not to 192.168.1.1) - That is achieved by specifying a specific and separate route.

These routers are configurable; if your IP topology doesn't match my diagram, this answer won't apply.

RedGrittyBrick

Posted 2012-09-11T22:57:43.467

Reputation: 70 632

I think I don't understand you. The CentOS server is alone in its own network. Only it's connected to the internet through the Zyxel router. And the other network is connected to the Zyxel via the Linksys neutral router. WAN ==> Zyxel <== Linksys <==== corporate network – ppk – 2012-09-11T23:18:41.370

See updated answer. Between Server's subnet and PC's subnet is the router in the Linksys, Server needs to be told that. – RedGrittyBrick – 2012-09-12T10:57:47.877
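
The routing point made in the answer above, as an added example that is not part of the original thread: it models the server's routing table with longest-prefix matching and shows where a reply to PC-1 is sent before and after the static route is added. The /28 and /29 prefixes come from the netmasks in the question; the table contents and helper names are assumptions for illustration.

```python
import ipaddress

# Addresses from the thread; the table contents are an assumed reconstruction.
SERVER_LAN = "192.168.1.0/28"   # server is 192.168.1.3 / 255.255.255.240
PC_LAN = "192.168.0.0/29"       # PC-1 is 192.168.0.6 / 255.255.255.248
ZYXEL = "192.168.1.1"
LINKSYS_WAN = "192.168.1.2"
PC = "192.168.0.6"
ON_LINK = "on-link"             # delivered directly, no gateway


def table(entries):
    """Build a routing table as (network, gateway) pairs."""
    return [(ipaddress.ip_network(net), gw) for net, gw in entries]


def next_hop(routes, dst):
    """Longest-prefix match, as the kernel does: most specific route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None  # no route to host
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def gateway_reachable(routes, gateway):
    """A static route is only usable if its gateway is itself on-link."""
    return next_hop(routes, gateway) == ON_LINK


# What the answer suspects: connected subnet plus a default via the Zyxel.
BEFORE = table([(SERVER_LAN, ON_LINK), ("0.0.0.0/0", ZYXEL)])
# After the suggested fix, e.g. `ip route add 192.168.0.0/29 via 192.168.1.2`.
AFTER = BEFORE + table([(PC_LAN, LINKSYS_WAN)])

if __name__ == "__main__":
    for name, routes in (("before", BEFORE), ("after", AFTER)):
        print(f"{name}: reply to {PC} goes via {next_hop(routes, PC)}")
    print("gateway on-link:", gateway_reachable(AFTER, LINKSYS_WAN))
```

With only the default route, the server hands its SSH replies to the Zyxel rather than to the Linksys, which is the failure the answer describes.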