SSH broke and network traffic / talking issue between hosts and server

 
# 1  
Old 02-12-2009

OK, Time Warner Cable / VoIP modem feeding Cisco PIX 501 WAN port, from PIX 501 LAN port to WAN port on Linksys WRT54GL wireless router.

so

-->Modem-->PIX 501-->WRT54GL-->Linux Server, wireless desktop, wireless laptop (2), Wireless MAC Pro, Wireless Apple TV, Wireless printer.

My WRT54GL is configured to hand out leases from 192.168.8.2 starting address to 192.168.8.12 ending address (10 leases total). The default gateway is 192.168.8.1.

I have the Linux box (CentOS 5.2) plugged into the Linksys WRT54GL by wire.

I was under the assumption that as long as anything on the Linksys had an address of 192.168.8.X they could talk back and forth through the Linksys without going out to the PIX.

I want my Linux box to be statically assigned to 192.168.8.100.

When I do this I can't ping any of the leased addresses, nor pull up google.com or ping it. However, if I statically assign it to one of the free lease addresses it works fine and can be pinged.

That is my first problem and I don't know how to fix it.

My second problem is I had sshd working fine, but I changed the sshd_config to ListenAddress at 192.168.8.0. It wasn't working, so I changed that to 192.168.0.0 and did a service sshd restart, and it keeps giving me failed on stop but OK on start, but service sshd status returns "sshd dead but subsystem locked".

When I had it at ListenAddress 0.0.0.0 it was working fine.

What is going on here?
FAITHD(8)                 BSD System Manager's Manual                FAITHD(8)

NAME
     faithd -- FAITH IPv6/v4 translator daemon

SYNOPSIS
     faithd [-dp] [-f configfile] service [serverpath [serverargs]]

DESCRIPTION
     The faithd utility provides IPv6-to-IPv4 TCP relaying. It can only be used on an IPv4/v6 dual stack router.

     When faithd receives TCPv6 traffic, it will relay the TCPv6 traffic to TCPv4. The destination for the relayed TCPv4 connection will be determined by the last 4 octets of the original IPv6 destination. For example, if 3ffe:0501:4819:ffff:: is reserved for faithd, and the TCPv6 destination address is 3ffe:0501:4819:ffff::0a01:0101, the traffic will be relayed to IPv4 destination 10.1.1.1.

     To use the faithd translation service, an IPv6 address prefix must be reserved for mapping IPv4 addresses into. The kernel must be properly configured to route all the TCP connections toward the reserved IPv6 address prefix into the faith(4) pseudo interface, using the route(8) command. Also, sysctl(8) should be used to configure net.inet6.ip6.keepfaith to 1.

     The router must be configured to capture all the TCP traffic for the reserved IPv6 address prefix, by using route(8) and sysctl(8) commands.

     The faithd utility needs special name-to-address translation logic, so that hostnames get resolved into the special IPv6 address prefix. For small-scale installations, use hosts(5); for large-scale installations, it is useful to have a DNS server with special address translation support. An implementation called totd is available at http://www.vermicelli.pasta.cs.uit.no/software/totd.html. Make sure you do not propagate translated DNS records over to normal DNS, as it can cause severe problems.

   Daemon mode
     When faithd is invoked as a standalone program, faithd will daemonize itself. The faithd utility will listen to TCPv6 port service. If TCPv6 traffic to port service is found, it relays the connection.

     Since faithd listens to TCP port service, it is not possible to run local TCP daemons for port service on the router, using inetd(8) or other standard mechanisms. By specifying serverpath to faithd, you can run local daemons on the router. The faithd utility will invoke a local daemon at serverpath if the destination address is a local interface address, and will perform translation to IPv4 TCP in other cases. You can also specify serverargs for the arguments for the local daemon.

     The following options are available:

     -d      Debugging information will be generated using syslog(3).

     -f configfile
             Specify a configuration file for access control. See below.

     -p      Use privileged TCP port number as source port, for IPv4 TCP connection toward final destination. For relaying ftp(1), this flag is not necessary as special program code is supplied.

     The faithd utility will relay both normal and out-of-band TCP data. It is capable of emulating TCP half close as well. The faithd utility includes special support for protocols used by ftp(1). When translating the FTP protocol, faithd translates network level addresses in PORT/LPRT/EPRT and PASV/LPSV/EPSV commands.

     Inactive sessions will be disconnected in 30 minutes, to prevent stale sessions from chewing up resources. This may be inappropriate for some services (should this be configurable?).

   inetd mode
     When faithd is invoked via inetd(8), faithd will handle connections passed from standard input. If the connection endpoint is in the reserved IPv6 address prefix, faithd will relay the connection. Otherwise, faithd will invoke a service-specific daemon like telnetd(8), by using the command argument passed from inetd(8).

     The faithd utility determines operation mode by the local TCP port number, and enables special protocol handling whenever necessary/possible. For example, if faithd is invoked via inetd(8) on the FTP port, it will operate as an FTP relay.

     The operation mode requires special support for faithd in inetd(8).

   Access control
     To prevent malicious access, faithd implements simple address-based access control. With /etc/faithd.conf (or configfile specified by -f), faithd will avoid relaying unwanted traffic. The faithd.conf configuration file contains directives of the following format:

     o   src/slen deny dst/dlen

         If the source address of a query matches src/slen, and the translated destination address matches dst/dlen, deny the connection.

     o   src/slen permit dst/dlen

         If the source address of a query matches src/slen, and the translated destination address matches dst/dlen, permit the connection.

     The directives are evaluated in sequence, and the first matching entry will be effective. If there is no match (if we reach the end of the ruleset) the traffic will be denied.

     With inetd mode, traffic may be filtered by using access control functionality in inetd(8).

EXIT STATUS
     The faithd utility exits with EXIT_SUCCESS (0) on success, and EXIT_FAILURE (1) on error.

EXAMPLES
     Before invoking faithd, the faith(4) interface has to be configured properly.

           # sysctl net.inet6.ip6.accept_rtadv=0
           # sysctl net.inet6.ip6.forwarding=1
           # sysctl net.inet6.ip6.keepfaith=1
           # ifconfig faith0 up
           # route add -inet6 3ffe:501:4819:ffff:: -prefixlen 96 ::1
           # route change -inet6 3ffe:501:4819:ffff:: -prefixlen 96 -ifp faith0

   Daemon mode samples
     To translate telnet service, and provide no local telnet service, invoke faithd as follows:

           # faithd telnet

     If you would like to provide local telnet service via telnetd(8) on /usr/libexec/telnetd, use the following command line:

           # faithd telnet /usr/libexec/telnetd telnetd

     If you would like to pass extra arguments to the local daemon:

           # faithd ftp /usr/libexec/ftpd ftpd -l

     Here are some other examples. You may need -p if the service checks the source port range.

           # faithd ssh
           # faithd telnet /usr/libexec/telnetd telnetd

   inetd mode samples
     Add the following lines into inetd.conf(5). Syntax may vary depending upon your operating system.

           telnet  stream  tcp6/faith  nowait  root  faithd  telnetd
           ftp     stream  tcp6/faith  nowait  root  faithd  ftpd -l
           ssh     stream  tcp6/faith  nowait  root  faithd  /usr/sbin/sshd -i

     inetd(8) will open listening sockets with kernel TCP relay support enabled. Whenever a connection comes in, faithd will be invoked by inetd(8). If the connection endpoint is in the reserved IPv6 address prefix, the faithd utility will relay the connection. Otherwise, faithd will invoke a service-specific daemon like telnetd(8).

   Access control samples
     The following illustrates a simple faithd.conf setting.

           # permit anyone from 3ffe:501:ffff::/48 to use the translator,
           # to connect to the following IPv4 destinations:
           # - any location except 10.0.0.0/8 and 127.0.0.0/8.
           # Permit no other connections.
           #
           3ffe:501:ffff::/48 deny 10.0.0.0/8
           3ffe:501:ffff::/48 deny 127.0.0.0/8
           3ffe:501:ffff::/48 permit 0.0.0.0/0

SEE ALSO
     faith(4), route(8), sysctl(8)

     Jun-ichiro itojun Hagino and Kazu Yamamoto, "An IPv6-to-IPv4 transport relay translator", RFC3142, http://tools.ietf.org/html/rfc3142, June 2001.

HISTORY
     The faithd utility first appeared in the WIDE Hydrangea IPv6 protocol stack kit.

     IPv6 and IPsec support based on the KAME Project (http://www.kame.net/) stack was initially integrated into FreeBSD 4.0.

SECURITY CONSIDERATIONS
     It is very insecure to use IP-address based authentication, for connections relayed by faithd, and any other TCP relaying services.

     Administrators are advised to limit accesses to faithd using faithd.conf, or by using IPv6 packet filters, to protect the faithd service from malicious parties, and to avoid theft of service/bandwidth. IPv6 destination addresses can be limited by carefully configuring routing entries that point to faith(4), using route(8). The IPv6 source address needs to be filtered using packet filters. The documents listed in SEE ALSO have more information on this topic.

BSD                              August 2, 2011                             BSD
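
The address mapping and first-match access control described in the faithd(8) page above can be checked offline before a ruleset is deployed. The following is an added example, not faithd's own code: the function names are hypothetical, the /96 reserved prefix is taken from the page's route(8) example, and treating `#` as starting a comment anywhere on a line is an assumption.

```python
# Added illustration: models the documented address mapping and the
# faithd.conf first-match evaluation. Not code from faithd itself.
import ipaddress

# Constructed sample: the ruleset from "Access control samples".
SAMPLE_CONF = """\
# permit 3ffe:501:ffff::/48 to reach anything except 10/8 and 127/8
3ffe:501:ffff::/48 deny 10.0.0.0/8
3ffe:501:ffff::/48 deny 127.0.0.0/8
3ffe:501:ffff::/48 permit 0.0.0.0/0
"""

def translated_dst(dst6, prefix="3ffe:501:4819:ffff::/96"):
    """Return the IPv4 destination held in the last 4 octets, or None when
    dst6 is outside the reserved prefix (no translation applies)."""
    addr = ipaddress.IPv6Address(dst6)
    if addr not in ipaddress.IPv6Network(prefix):
        return None
    return ipaddress.IPv4Address(addr.packed[-4:])

def parse_rules(text):
    """Parse 'src/slen permit|deny dst/dlen' lines; skip comments and blanks."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or fields[1] not in ("permit", "deny"):
            raise ValueError(f"line {n}: expected 'src/slen permit|deny dst/dlen'")
        rules.append((ipaddress.IPv6Network(fields[0]), fields[1],
                      ipaddress.IPv4Network(fields[2])))
    return rules

def decide(rules, src6, dst4):
    """First matching rule wins; reaching the end of the ruleset denies."""
    src = ipaddress.IPv6Address(src6)
    for src_net, action, dst_net in rules:
        if src in src_net and dst4 in dst_net:
            return action
    return "deny"

def check(src6, dst6, conf=SAMPLE_CONF):
    """Full path: map the IPv6 destination, then apply the ruleset."""
    dst4 = translated_dst(dst6)
    if dst4 is None:
        return "not-relayed"
    return decide(parse_rules(conf), src6, dst4)
```

Because the first match is effective, moving the `permit 0.0.0.0/0` line above the two `deny` lines would open 10.0.0.0/8 and 127.0.0.0/8 to the relay; `check()` makes that kind of ordering mistake visible before the file reaches /etc/faithd.conf.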