
SSH


NewbiePerson

Member
Joined
Nov 8, 2001
Hello,
I've got an IPCOP box, with an Ubuntu 6.0.6 LAMP webserver on the DMZ part of it. What I'm having trouble with is getting SSH and SCP operational from the green network to the orange network (everything works lovely if I put it on the green). I didn't have much luck finding an immediate solution and I'm not sure exactly what I need to do.
Anywho, any help/direction is appreciated.
 
Can you ping the Ubuntu server from your green network? Does the Ubuntu server have internet access? I'm just wondering 'cause if it's a connection issue and things on your green network can't access your orange network, there is your problem. If you can, it is probably an SSH issue that needs fixing; just trying to narrow down the problem.
 
I've been using IPs to connect, I can successfully go to the webpage (from my green network) using the IP # of the webserver. I didn't attempt any configuration when I installed it, just the apt-get install ssh openssh. It does have internet access, and I can ping it.
Thanks for the help thus far.
 
Do a netstat -an and see if it shows the box listening on port 22. If so, on the computer you want to SSH from, type

telnet <ip here> 22

see if the telnet session connects to verify you have access to the box on that port

you can also try

tcpdump -i <interface to filter> port 22
(to get interface names do an ifconfig -a and match up the IP address)

this will let you see if the traffic makes it to the box... look for any resets from the box back to your workstation
 
OK, I tried telnetting and that didn't work; it looks like the server is listening on port 22.

Did the tcpdump thing, and when I try to connect from green I get an output displayed on the server like this:
22:46:56, 333614 IP 192.168.1.101.2321 > 192.168.3.101.ssh : $601675436:601675436(0) win 65535 <mss 1460, nop,nop, sackOK>
So it looks like something is going through to the DMZ, it's just denying the connection for some reason?
Thanks for help thus far.
 
on which devices did you dump... also what interfaces on each device did you dump on?

your output only shows one way traffic.... I would try each interface (internal and external of the firewall as well as the interface on the webserver)

If I get some time in a bit I will post an example of what I mean and what you need to look for....

from your output it shows one way traffic... meaning there was no return traffic

192.168.1.101.2321 > 192.168.3.101.ssh

Traffic is going from 192.168.1.101 to 192.168.3.101 but you never see anything in return

(something like 192.168.3.101 > 192.168.1.101)

FYI, if you do a dump for SSH traffic, make sure you are not currently connected via SSH, or filter for an address, else it will be madness!

To filter for an IP address just type "host <ip>", replacing <ip> with the IP address.

what it looks like from your info is that you may need to add a rule to allow SSH between the 2 devices... you could check the Firewall logs to confirm but I am unsure where the logs are stored on that type of firewall

/var/log/messages maybe?
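
The check described in the replies above (look in the port 22 dump for return traffic and for resets), as an added example that is not part of the original thread. The function names `tcp_flags` and `diagnose` are illustrative, and the capture lines are constructed from the addresses in the thread; the parser accepts both the older tcpdump layout shown in the thread and the newer `Flags [...]` layout.

```python
import re

# "IP src.port > dst.port: rest"; the port may be numeric or a service name such as "ssh"
PKT = re.compile(r"IP (\d+(?:\.\d+){3})\.([\w-]+) > (\d+(?:\.\d+){3})\.([\w-]+)\s*: (.*)")

def tcp_flags(rest):
    """Flag letters from new ('Flags [S.]') or old ('S 1:1(0) ack 2') tcpdump output."""
    m = re.match(r"Flags \[([^\]]*)\]", rest)
    if m:
        return m.group(1)
    m = re.match(r"([SFRPWE.]+) ", rest)
    flags = m.group(1) if m else ""
    # Old-style output prints ACK as the word "ack"; normalise it to "."
    if re.search(r"\back\b", rest) and "." not in flags:
        flags += "."
    return flags

def diagnose(lines, client, server):
    """Classify one capture point: 'no-syn', 'one-way', 'reset' or 'answered'."""
    syn = reply = reset = False
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue  # not an IPv4 TCP line in the expected layout
        src, _sport, dst, _dport, rest = m.groups()
        flags = tcp_flags(rest)
        if (src, dst) == (client, server) and "S" in flags and "." not in flags:
            syn = True  # initial SYN from the workstation
        elif (src, dst) == (server, client):
            reset = reset or "R" in flags
            reply = reply or ("S" in flags and "." in flags)  # SYN-ACK
    if not syn:
        return "no-syn"    # the attempt never reached this interface
    if reply:
        return "answered"  # handshake reply seen: both directions pass here
    return "reset" if reset else "one-way"  # RST came back, or nothing at all

# Constructed captures (addresses from the thread; the packets are made up).
SYN = "22:46:56.333614 IP 192.168.1.101.2321 > 192.168.3.101.ssh: S 601675436:601675436(0) win 65535 <mss 1460,nop,nop,sackOK>"
ONE_WAY = [SYN, SYN.replace("22:46:56", "22:46:59")]  # retransmitted SYN, no reply
REFUSED = [SYN, "22:46:56.333801 IP 192.168.3.101.ssh > 192.168.1.101.2321: R 0:0(0) ack 601675437 win 0"]
WORKING = [
    "22:46:56.333614 IP 192.168.1.101.2321 > 192.168.3.101.22: Flags [S], seq 601675436, win 65535, length 0",
    "22:46:56.333790 IP 192.168.3.101.22 > 192.168.1.101.2321: Flags [S.], seq 9001, ack 601675437, win 5840, length 0",
]

if __name__ == "__main__":
    for name, capture in (("one-way", ONE_WAY), ("refused", REFUSED), ("working", WORKING)):
        print(name, "->", diagnose(capture, "192.168.1.101", "192.168.3.101"))
```

Running it against a capture from each interface in turn (firewall green side, firewall orange side, webserver) shows the first point at which the result changes from "answered" or "one-way" to "no-syn", which is where the traffic is being dropped.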
 