Introducing DigitalOcean Functions: A powerful, serverless compute solution

Related

My website is unresponsive! What do I do?
Question
Postfix timing out when sending mail
Question

Question

iptables ssh not working

First I connected to server B’s vpn and ssh into server B from my local machine. Then I continue ssh into server A but fail. Machine B with VPN and machine A both with private network setup. I’ve checked my ip when I connected to the vpn, the ip is machine B’s public ip.

The iptable rules are as follow: (A) sudo iptables -P INPUT ACCEPT sudo iptables -P OUTPUT ACCEPT sudo iptables -P FORWARD ACCEPT sudo iptables -F sudo iptables -A INPUT -p tcp -s <server B private ip> --dport 22 -i eth1 -j ACCEPT sudo iptables -A OUTPUT -p tcp -d <server B private ip> --sport 22 -o eth1 -m state --state ESTABLISHED -j ACCEPT sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A OUTPUT -o lo -j ACCEPT

(B) openvpn sudo iptables -P INPUT ACCEPT sudo iptables -P OUTPUT ACCEPT sudo iptables -P FORWARD ACCEPT sudo iptables -F sudo iptables -A INPUT -p tcp -s <server A private ip> --dport 22 -i eth1 -j ACCEPT sudo iptables -A OUTPUT -p tcp -d <server A private ip> --sport 22 -o eth1 -m state --state ESTABLISHED -j ACCEPT sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A OUTPUT -o lo -j ACCEPT sudo iptables -I OUTPUT -o eth0 -d 0.0.0.0/0 -j ACCEPT sudo iptables -I INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

What I’m trying to achieve is ssh from machine B into machine A with private network ip while connecting to machine’s B openvpn.

No other firewall setup because I am testing the behavior of iptable with openvpn. Anyone can help to explain? Thanks.

Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

mefavSeptember 25, 2018

I’ve check and notice none of the arp entry is private network address and using private network interface. Is this normal? Is this the reason of the connection not working?

jarlandSeptember 24, 2018

Hey friend!

That is a tough one. I’ll try to offer any help that I can to surface the issue. I think we can simplify this a bit by removing the VPN logic from the thought process at least. Once connected to B over SSH, the connection you are troubleshooting is from B to A. The theory being that this would work or fail regardless of whether or not you were connected to or needed the VPN to connect to SSH on B, as the connection is purely B -> A at that stage. With that as a framework, we can reduce the question to this:

Why can’t B connect to A’s SSH server over private network?

So then I would ask:

  1. Are you certain that the private network is properly configured and functional on both machines?
  2. Are they able to ping each other over the private network?
  3. Is your VPN assigning client space in the IP range of the private network for either machine?

Hopefully this at least exposes a path for further troubleshooting.

Jarland

Join the DigitalOcean CommunityCommunity

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner

Related

My website is unresponsive! What do I do?
Question
Postfix timing out when sending mail
Question
Join the DigitalOcean CommunityCommunity

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner