Network question

English Network/Internet
#1

Folks;
I have 2 SUSE servers similar in all configuration & both on the same network
(192.168.151.10 & 192.168.151.11) with the same default gateway of 192.168.151.1 and the same netmask of 255.255.255.0 and the same firewall configuration

the first one works fine and i can ssh to it & i can ping it.

The problem is with the second one “192.168.151.11”, i cannot ping it or ssh to it from any where even from the ones on the same network. But if i’m on that server “192.1668.151.11” i can ping to other ones fine & ssh to any server.

In other words, the second server can ping or ssh TO any other servers but can not ping it or ssh to it from any where.

Any help please?

#2

Check your firewalls.

Also, ensure your 192.168.151.11 does not have file entries under /home/your-user-name/.ssh that is blocking the ssh connection.

#3

I know you’re “sure” the firewalls are the same but, to be sure, disable the firewall completely on the .11 box (just temporarily) and see if you can ssh/ping it then… or temporarily add explicit rules to accept icmp and ssh from all interfaces.

iptables -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -I INPUT -p icmp -j ACCEPT

You can remove them after testing by running the exact same commands with -D instead of -I.

#4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Agreed.

And if that doesn’t affect anything get a LAN trace from both sides.
Also make sure you don’t have a duplicate IP on the network. If you
have multiple NICs in either verify they are both sending/receiving
anything (seems likely they are already).

Good luck.

lccts1 wrote:
| I know you’re “sure” the firewalls are the same but, to be sure, disable
| the firewall completely on the .11 box (just temporarily) and see if you
| can ssh/ping it then… or temporarily add explicit rules to accept icmp
| and ssh from all interfaces.
|
| iptables -I INPUT -p tcp --dport 22 -j ACCEPT
| iptables -I INPUT -p icmp -j ACCEPT
|
| You can remove them after testing by running the exact same commands
| with -D instead of -I.
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIUe1d3s42bA80+9kRAiT0AJoDJMq9vqOwWxhDx8Tivtg9cJ+K8wCeLyRu
aY8TPgyuJNhfXweXkiRv4DE=
=Duz9
-----END PGP SIGNATURE-----

#5

Thanks guys for your replies.
I did what you suggested in your replies with no luck.

#6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

And the LAN trace showed…

Good luck.

ab@novell.com wrote:
| Agreed.
|
| And if that doesn’t affect anything get a LAN trace from both sides.
| Also make sure you don’t have a duplicate IP on the network. If you
| have multiple NICs in either verify they are both sending/receiving
| anything (seems likely they are already).
|
| Good luck.
|
|
|
|
|
| lccts1 wrote:
| | I know you’re “sure” the firewalls are the same but, to be sure, disable
| | the firewall completely on the .11 box (just temporarily) and see if you
| | can ssh/ping it then… or temporarily add explicit rules to accept icmp
| | and ssh from all interfaces.
| |
| | iptables -I INPUT -p tcp --dport 22 -j ACCEPT
| | iptables -I INPUT -p icmp -j ACCEPT
| |
| | You can remove them after testing by running the exact same commands
| | with -D instead of -I.
| |
| |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIUuVb3s42bA80+9kRApU5AJ4p60FH1SOm6iVQ5xlImO63I4Z0sQCfRIao
SMd280hw2m+UlvpQrAmNFB0=
=5Ydk
-----END PGP SIGNATURE-----

#7

Kat, from the .11 box try “ssh localhost” and tell me if it can even ssh to itself.

also, post your output to “netstat -pan|grep sshd”