From owner-freebsd-questions@FreeBSD.ORG Tue Mar 19 21:34:13 2013
Message-ID: <5148D9BF.5000006@mykitchentable.net>
Date: Tue, 19 Mar 2013 14:33:51 -0700
From: Drew Tomlinson
To: mexas@bristol.ac.uk
Cc: ml@my.gd, feenberg@nber.org, freebsd-questions@freebsd.org
Subject: Re: cannot ssh into a box with DHCP assigned IP address
References: <201302201355.r1KDt8Lt063091@mech-cluster241.men.bris.ac.uk>
In-Reply-To: <201302201355.r1KDt8Lt063091@mech-cluster241.men.bris.ac.uk>

On 2/20/2013 5:55 AM, Anton Shterenlikht wrote:
> From feenberg@nber.org Wed Feb 20 13:39:28 2013
>
> > From: Fleuriot Damien
> > To: mexas@bristol.ac.uk
> > Subject: Re: cannot ssh into a box with DHCP assigned IP address
> > Date: Wed, 20 Feb 2013 10:31:22 +0100
> > Cc: freebsd-questions@freebsd.org
> >
> > On Feb 20, 2013, at 10:28 AM, Anton Shterenlikht wrote:
> >
> > > I have a laptop with FreeBSD -current,
> > > with ip address assigned via DHCP.
> > > The laptop has neither a static ip address,
> > > nor a domain.
> > >
> > > I can ping the laptop fine, but cannot

I doubt that you can ping 172.21.220.12 from 137.222.187.241 as
172.21.220.12 is private IP address space and is not routed across the
Internet.

> > > ssh into it. The sshd is running, /etc/ssh/ssd_config
> > > seems fine, /etc/hosts.allow is fine.
> > > However, /etc/hosts is just the default:
>
> While on the problem machine, can you ssh to localhost? ssh to the IP
> address?
>
> yes to both
>
> I would suspect the problem is in /etc/hosts.allow
> or /etc/hosts.deny,
>
> The first non-comment line in /etc/hosts.allow is
> ALL : ALL : allow
>
> and I don't have /etc/hosts.deny:
>
> root@zzz:~ # ls /etc/hosts*
> /etc/hosts /etc/hosts.equiv
> /etc/hosts.allow /etc/hosts.lpd
> root@zzz:~ #
>
> or perhaps the subnet mask is incorrect.
>
> Well.. what should it be?
> I have on the problem box (ssh server):
>
> wlan0: flags=8943 metric 0 mtu 1
> 500
> ether 00:21:5c:50:68:c3
> inet 172.21.220.12 netmask 0xfffffc00 broadcast 255.255.255.255
> nd6 options=29
> media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
> status: associated
> ssid eduroam channel 1 (2412 MHz 11g) bssid 00:3a:98:62:cd:a0
> country US authmode WPA2/802.11i privacy ON deftxkey UNDEF
> AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 14 bmiss 10 scanvalid 450
> bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5
> protmode CTS wme roaming MANUAL
>
> I'm trying to ssh from 137.222.187.241.
>
> I wonder, perhaps it is somehow built into the
> Eduroam wireless, provided by the University,
> that the devices connected to it cannot be
> accessible. They can only initiate outgoing
> connections, but all incoming connections are
> somehow blocked? Given that the majority of
> the devices will be unsecured MS boxes, maybe
> the university thought that this is a wise idea
> for safety. Perhaps I can investigate this
> with my IT guys.
>
> Or I might be talking complete nonsense here, not my area at all.

It is kind of "built in" as you say. The Eduroam wireless network
appears to be a private network sitting behind a NAT gateway. Thus what
happens when you access the Internet is that your laptop sends that
request to the NAT gateway on the Eduroam network. The NAT gateway
strips off your private IP address and replaces it with a public IP
address, marks the connection in its table, and sends it on its way.
Then when the answer comes back from the Internet, the NAT gateway
strips off the public IP address and replaces with your private IP
address, and sends it to your laptop.

While on the Eduroam network, go to http://whatismyip.com. You will see
that your IP is not 172.21.220.12. It will be a public IP address that
Eduroam uses.

Bottom line is that the only way you could ssh to your laptop from the
Internet is if you got the university to give you a public IP address
and port and then they set up NAT and port forwarding on their network
to point that public IP address to your laptop private IP address ssh
port. Since I doubt you will have much luck with that, I suspect the
short answer is "you can't ssh to your laptop from the Internet when
it's connected to your university network".

I'm sure this isn't the answer you wanted but hopefully this will save
you some frustration.

Cheers,

Drew

--
Like card tricks? Visit The Alchemist's Warehouse to learn card magic
secrets for free!

http://alchemistswarehouse.com
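
The address rewriting described in the message above, as an added example that is not part of the original thread: a toy NAT gateway with a connection table, showing why replies reach the laptop while an unsolicited ssh connection does not until a port forward exists. The gateway address 203.0.113.10, the Internet host 198.51.100.7, the port numbers and the NatGateway class are constructed for illustration; the laptop address, netmask and ssh client address come from the thread.

```python
import ipaddress

LAPTOP = "172.21.220.12"        # inet address from the ifconfig output in the thread
SSH_CLIENT = "137.222.187.241"  # host the ssh attempt is made from
GATEWAY_IP = "203.0.113.10"     # constructed placeholder for the NAT's public address
WEB_SERVER = "198.51.100.7"     # constructed placeholder for some Internet host


def inside_network(addr, hex_mask):
    """Combine ifconfig's address and hex netmask into a network (0xfffffc00 is a /22)."""
    mask = ipaddress.ip_address(int(hex_mask, 16))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


class NatGateway:
    """Toy source-NAT gateway (hypothetical model, not any real product's behaviour)."""

    def __init__(self, public_ip, inside_net):
        self.public_ip, self.inside_net = public_ip, inside_net
        self.flows = {}      # public port -> (inside ip, inside port, remote ip, remote port)
        self.forwards = {}   # public port -> (inside ip, inside port), set up by the operator
        self.next_port = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host connects out: swap in the public address and record the flow."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            raise ValueError("source is not on the inside network")
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.flows[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet to the public address: return the inside (ip, port), or None if dropped."""
        flow = self.flows.get(dst_port)
        if flow and flow[2:] == (src_ip, src_port):
            return flow[:2]                  # reply to a connection the laptop opened
        return self.forwards.get(dst_port)   # otherwise only a port forward matches


def demo():
    gw = NatGateway(GATEWAY_IP, inside_network(LAPTOP, "0xfffffc00"))
    sent = gw.outbound(LAPTOP, 51000, WEB_SERVER, 80)
    reply = gw.inbound(WEB_SERVER, 80, sent[1])
    ssh_before = gw.inbound(SSH_CLIENT, 50022, 22)   # unsolicited: no table entry
    gw.forwards[22] = (LAPTOP, 22)                   # what the university would have to add
    ssh_after = gw.inbound(SSH_CLIENT, 50022, 22)
    return sent, reply, ssh_before, ssh_after


if __name__ == "__main__":
    print(demo())
```

The netmask is not the obstacle: the laptop sits in a /22 of private space that does not contain the ssh client's address, so every inbound packet has to pass through the gateway's table.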