virtual IP address - ssh problem

12-12-2006, 07:49 AM

I run a debian root server with 4 virtual hosts. Now I got a second IP
address and configured it as virtual IP on eth0:

/etc/networking/interfaces:
auto eth0
iface eth0 inet dhcp

auto eth0:0
iface eth0:0 inet static
address x.x.x.x
netmask 255.255.255.255

and configured one of the vhosts to listen to the new IP.

That works so far, both addresses are reachable via http/https. But
since I made this change, the original IP is not reachable via SSH any
longer. I can contact the server via a terminal server. Is this a ssh
problem, or maybe firewall related?
Eggert

12-13-2006, 10:12 AM

Eggert Ehmke <(E-Mail Removed)> wrote:
> /etc/networking/interfaces:
> auto eth0
> iface eth0 inet dhcp

> auto eth0:0
> iface eth0:0 inet static
> address x.x.x.x
> netmask 255.255.255.255

> since I made this change, the original IP is not reachable via SSH any
> longer. I can contact the server via a terminal server. Is this a ssh
> problem, or maybe firewall related?

Split the problem into parts:

1. Check the networking layer

From a different system, "telnet <IP_address_1> 22" and "telnet
<IP_address_2> 25", replacing <IP_address_N> with each of the IP
addresses in turn.

If you get a connection banner like "SSH-1.99-OpenSSH_4.3p2 Debian-7"
then the networking layer is working and no firewall is blocking
the port.

If you get problems, repeat the process on the local system and
report back here.

2. Check ssh is actually listening

On the local system, "netstat -na | grep ':22 .*LISTEN'". You should
see a line containing "0.0.0.0:*", which shows sshd is listening on
all interfaces.

3. Check your firewall rules

I'm going to leave this until you report back on #1 and #2. But if
you know how to do this, then please do so.

Chris

12-13-2006, 01:56 PM

Chris Davies <chris-(E-Mail Removed)> schrieb:

Hi Chris,
>Eggert Ehmke <(E-Mail Removed)> wrote:
>> /etc/networking/interfaces:
>> auto eth0
>> iface eth0 inet dhcp
>
>> auto eth0:0
>> iface eth0:0 inet static
>> address x.x.x.x
>> netmask 255.255.255.255
>
>> since I made this change, the original IP is not reachable via SSH any
>> longer. I can contact the server via a terminal server. Is this a ssh
>> problem, or maybe firewall related?
>
>Split the problem into parts: <snipped>

seems it is a different problem. For testing, I removed the eth0:0
part in the config and restarted networking. Voila, the eth0:0 was
back *and* all was working! It seems my ISP does configure the second
IP via DHCP, I was not aware of this. Anyway, both IPs are working
fine now, and the first IP is reachable via SSH again.

Can you give me a hint about firewalling the secong IP? Right now,
only the first IP is in the ipconfig, I am concerned about security
holes via the second IP. Normally, I would allow only http/https. Even
ssh is only openend for a 15 second time slot via port knocking.
Eggert

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Network problem on Virtual PC's	Gene.	Windows Networking	5	11-22-2008 03:20 AM
bind outgoing mail connects to virtual ip address?	Jack Snodgrass	Linux Networking	4	03-13-2008 02:52 PM
Virtual LAN Problem	kysiow	Windows Networking	4	01-17-2006 01:14 AM
Virtual MAC/ IP Address calculation	Peter Weiss	Linux Networking	2	11-26-2005 07:17 PM
Adding Virtual IP Address	Vijay	Linux Networking	5	05-25-2004 03:36 PM