[wellylug] Problem with ssh & dns on multi-homed hosts
Richard Hector
rhector at actrix.gen.nz
Sat Jan 12 23:32:43 NZDT 2002
Hi all,
I've been playing with 2 things recently.
Firstly, I've set up a 100 Mbit crossover cable between 2 hosts on my
network, in parallel with the 10 Mbit network used by everything else.
Neither of these 2 hosts routes, so the new network is only usable by
these 2.
Secondly, I've set up 2 (bind 9) DNS servers on my network - one on one
of the above hosts, the other on another box. I'm using a bogus TLD of
'fake', which shouldn't be a problem as no-one in the outside world
should be looking at my name servers. I've set up 2 views, so that hosts
only on the 10 Mbit net can only get addresses on that net.
It looks like this:
                 /  To Internet
               /\/
              /   (dynamic IP - dialup)
          --------                         ------------
          | ruby | (router/firewall)       | sapphire | (slave DNS)
          --------                         ------------
             | 192.168.10.1                     | 192.168.10.30
10 Mbit hub ------------------------------------------------
                 | 192.168.10.10                | 192.168.10.40
            -----------                    -----------
            | diamond | (my desktop)       | emerald | (server & pri DNS)
            -----------                    -----------
                 | 192.168.20.10                | 192.168.20.40
100 Mbit         ------------------------------------
There are other machines as well; all are on the 10 Mbit hub, and
shouldn't be important.
The problem is, when I ssh from diamond to emerald, I use the 100 Mbit
network, and ssh refuses the connection. It claims that it is blocked by
/etc/hosts.deny (which has the one line "ALL: PARANOID") because
192.168.20.10 != diamond.fake.
Running dig on emerald, though, returns both addresses for diamond.fake,
and returns diamond.fake for 192.168.20.10.
Can anybody suggest what I might be doing wrong?
I'm guessing I may have provided too much info in places, and maybe not
enough in others. I can naturally supply further info if necessary.
Thanks,
Richard
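
Added example (not part of the original post): a Python sketch of the forward-confirmed reverse lookup that a PARANOID rule relies on, where the client address is mapped to a name and that name must map back to the same address. The record tables are constructed from the addresses in the post, and the "10 Mbit only" table is an assumed restricted answer used to show how the check fails; it is not a diagnosis of the poster's setup.

```python
import socket

# Constructed records, using the host names and addresses from the post.
PTR = {"192.168.10.10": "diamond.fake", "192.168.20.10": "diamond.fake"}
A_BOTH_NETS = {"diamond.fake": ["192.168.10.10", "192.168.20.10"]}
A_10MBIT_ONLY = {"diamond.fake": ["192.168.10.10"]}  # assumed restricted answer


def table_resolver(ptr, a_records):
    """Build (reverse, forward) lookup functions from static tables."""
    return ptr.get, lambda name: a_records.get(name, [])


def system_resolver():
    """(reverse, forward) using the C library resolver, as a daemon would."""
    def reverse(addr):
        try:
            return socket.gethostbyaddr(addr)[0]
        except OSError:  # herror/gaierror: no PTR name available
            return None

    def forward(name):
        try:
            return socket.gethostbyname_ex(name)[2]
        except OSError:  # name does not resolve
            return []
    return reverse, forward


def paranoid_check(client_addr, reverse, forward):
    """Return (accepted, reason) for a name/address consistency check."""
    name = reverse(client_addr)
    if not name:
        return False, f"{client_addr}: no reverse (PTR) name"
    addrs = forward(name)
    if client_addr not in addrs:
        seen = ", ".join(addrs) or "nothing"
        return False, f"{client_addr} != {name} (forward lookup returned {seen})"
    return True, f"{client_addr} confirmed as {name}"


if __name__ == "__main__":
    for label, a in (("both nets", A_BOTH_NETS), ("10 Mbit only", A_10MBIT_ONLY)):
        rev, fwd = table_resolver(PTR, a)
        for addr in ("192.168.10.10", "192.168.20.10"):
            print(label, paranoid_check(addr, rev, fwd))
```

Calling paranoid_check(addr, *system_resolver()) on the server runs the same comparison through the C library resolver, which follows the host's own name-service configuration and so may not give the same answer as a direct dig query.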