Jeff, > I have a router / firewall combo that is the gateway between my LAN and the > cable modem. The router executes NAT for internet access of the clients on > my LAN. > So, I want to have some of my colleagues access my CVS repository on my Linux > box, within my LAN (i.e., behind the hardware firewall). > I have open sshd running on port 22, so I set up a virtual server: > Private IP: 192.168.0.8 > Private port: 22 > Type: TCP > Public port: 22 > I can sucessfully login as $ ssh jccann@localhost > However, when I try to $ ssh jccann@12.254.x.x, it just appears to hang and I > see no activity in my Linux server logs. If I remove the virtual server > setting and try the ssh to the IP address again, I get the following output: I bet I know what the problem is. On the machine you are trying to ssh FROM, I bet you are running X. I bet the terminal you are using is some sort of xterm. And I bet that the shell in that xterm has a $DISPLAY environment variable set. I also bet that the machine you are trying to ssh TO does not have X installed, or else it has X improperly installed. Try to "unsetenv DISPLAY" (csh) or 'DISPLAY="";export DISPLAY' (bash) to get rid of the $DISPLAY environment variable, and try your ssh again. I have had this same sort of problem before on systems that did not have X11 installed. The ssh daemon tries to run "xauth" or whatever the program is that makes the ~/.Xauthority file, and on a machine with no xauth the ssh session will hang indefinitely. Getting rid of the $DISPLAY on the source system makes the problem go away. Hope this helps.. > Secure connection to 12.254.x.x refused. > I also see no activity in the server, so I assume that the firewall is > prohibiting access. The other configuration options are: > 'Special applications' -- I tried the same configuration as the virtual > server with the same results. > Virtual DMZ -- I don't really have a problem with this, but I would rather > not have to reconfigure a firewall on my Linux box if I set it up as the DMZ. > Plus, information on this Linux box is sensitive, so placing it in a DMZ > would seem unwise. > The router / firewall is a Siemens SpeedStream 2614. I appreciate any > suggestions on configuration -- even if you don't have a Siemens, but some > other router / firewall hardware combo. > Thanks > Jeff -- Jim Ockers (ockers@ockers.net) Contact info: please see http://www.ockers.net/ Fight Spam! Join CAUCE (Coalition Against Unsolicited Commercial Email) at http://www.cauce.org/ .