Cannot ssh to Freerunner

Joel Newkirk freerunner at newkirk.us
Tue Oct 7 07:38:48 CEST 2008 

Well crap, sorry about that.  It's supposed to be "-j ACCEPT", not just
'ACCEPT'.  "-j" means 'jump' and is followed by a chain name or target, in
this case ACCEPT telling the firewall to permit matching traffic.  I'm
guessing your FORWARD chain is either empty with a policy of ACCEPT, or
some form of 'allow all' rule, so the traffic gets through without those
additions.  ;)

j

On Tue, 07 Oct 2008 07:21:34 +0200, "Nicolas Linkert" <linkert at fastmail.fm>
wrote:
> Great! This works for me. The only thing I had to change were the
> "ACCEPT" commands since they were not accepted.
> 
> Thanks.
> 
> cu,
> Nick
> 
> On Mon, 6 Oct 2008 20:28:58 -0400, "Joel Newkirk"
> <freerunner at newkirk.us> said:
>> Sorry, I'd expected to be in front of a computer earlier to respond...
>>
>> >> 3: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> >> state UNKNOWN qlen 1000
>> >>     link/ether 6e:6d:ef:52:f2:5b brd ff:ff:ff:ff:ff:ff
>>
>> >> 192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.101
>> >> 169.254.0.0/16 dev eth0  scope link  metric 1000
>> >> default via 192.168.0.100 dev eth0
>>
>> That's a problem right there - the state of the interface is 'UNKNOWN',
>> it
>> has no IP, and (hand in hand with no IP) there's no route out usb0 for
>> anything.  However, since you later said you can SSH to the FR with
>> different settings, I'm assuming this to have been a temporary glitch...
>>
>>
>> Try these on for size, in /etc/network/interfaces on the host:
>>
>> auto usb0
>> iface usb0 inet static
>>     address 192.168.0.201
>>     netmask 255.255.255.252
>>     post-up iptables -t nat -I POSTROUTING -t nat -j MASQUERADE -s
>> 192.168.0.202
>>     post-up echo 1 > /proc/sys/net/ipv4/ip_forward
>>     post-up iptables -I FORWARD -s 192.168.0.202 ACCEPT
>>     post-up iptables -I FORWARD -d 192.168.0.202 ACCEPT
>>     pre-down iptables -D POSTROUTING -t nat -j MASQUERADE -s
>>     192.168.0.202
>>     pre-down iptables -D FORWARD -s 192.168.0.202 ACCEPT
>>     pre-down iptables -D FORWARD -d 192.168.0.202 ACCEPT
>>
>>
>> And on the FreeRunner:
>>
>> auto usb0
>> iface usb0 inet static
>>     address 192.168.0.202
>>     netmask 255.255.255.252
>>     network 192.168.0.200
>>     gateway 192.168.0.201
>>     up echo "nameserver 192.168.0.100" | resolvconf -a usb0
>>     down resolvconf -d usb0
>>
>>
>> NOTE: This uses 192.168.0.201 on the host, not 192.168.0.200.  This lets
>> us
>> clip it down to a /30 subnet, two IPs plus network and broadcast.  The
>> above works for me (with slight variations regarding nameserver and nat
>> rules) on three different Ubuntu boxes and at least one Mandriva.
>> Depending on the image/distro on the Freerunner, the two 'resolvconf'
>> lines
>> may not work out, it may instead need 'up echo "nameserver
> 192.168.0.100"
>> >/etcf/resolv.conf' and no 'down', or even other approaches to setting
>> nameservers.  Using resolvconf is the 'right' way with 2007/2008
> distros,
>> AFAICS.
>>
>> j
>>
>>
>>
>> On Mon, 06 Oct 2008 23:43:59 +0200, "Nicolas Linkert"
>> <linkert at fastmail.fm>
>> wrote:
>> > The following entry in /etc/network/interfaces allows me to log into
> the
>> > FR - but then I have no access to the internet ...
>> >
>> > # The primary network interface
>> > allow-hotplug eth0
>> > iface eth0 inet static
>> > 	address 192.168.0.101
>> > 	netmask 255.255.255.0
>> > 	network 192.168.0.0
>> > 	broadcast 192.168.0.255
>> > 	gateway 192.168.0.100
>> > 	dns-nameservers 192.168.0.100
>> > 	dns-search gamma.vz
>> >
>> > auto usb0
>> > iface usb0 inet static
>> > address 192.168.0.200
>> > netmask 255.255.255.0
>> >
>> >
>> > On Mon, 06 Oct 2008 21:28:21 +0200, "Nicolas Linkert"
>> > <linkert at fastmail.fm> said:
>> >>
>> >> On Mon, 6 Oct 2008 14:53:32 -0400, "Joel Newkirk"
>> >> <freerunner at newkirk.us> said:
>> >> > On Mon, 06 Oct 2008 20:42:41 +0200, "Nicolas Linkert"
>> >> > <linkert at fastmail.fm>
>> >> > wrote:
>> >> > > Hi,
>> >> > >
>> >> > > no, that does not change anything.
>> >> > >
>> >> > > ifconfig usb0 192.168.0.200 netmask 255.255.255.0
>> >> > > route add -host 192.168.0.202 gw 192.168.0.200
>> >> > >
>> >> >
>> >> > >> > Host IP:  192.168.0.101
>> >> > >> > DNS:      192.168.0.100
>> >> > >> >
>> >> > >> > On the host I do as root:
>> >> > >> > ifconfig usb0 192.168.0.200 netmask 255.255.255.0
>> >> > >> > ssh root at 192.168.0.202
>> >> > >> >
>> >> > >> > No route to host ... ?
>> >> >
>> >> > can you post the output of "ip a" and "ip r" on the host?
>> >>
>> >> ip a
>> >>
>> >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>> >>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> >>     inet 127.0.0.1/8 scope host lo
>> >>     inet6 ::1/128 scope host
>> >>        valid_lft forever preferred_lft forever
>> >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> >> state UP qlen 1000
>> >>     link/ether 00:1f:29:7f:4e:a5 brd ff:ff:ff:ff:ff:ff
>> >>     inet 192.168.0.101/24 brd 192.168.0.255 scope global eth0
>> >>     inet6 fe80::21f:29ff:fe7f:4ea5/64 scope link
>> >>        valid_lft forever preferred_lft forever
>> >> 3: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>> >> state UNKNOWN qlen 1000
>> >>     link/ether 6e:6d:ef:52:f2:5b brd ff:ff:ff:ff:ff:ff
>> >>
>> >> ip r
>> >>
>> >> 192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.101
>> >> 169.254.0.0/16 dev eth0  scope link  metric 1000
>> >> default via 192.168.0.100 dev eth0
>> >>
>> >> >
>> >> > What OS on the host?  (well, OS presumably is 'linux' if you're
> able
>> > to
>> >> > use
>> >> > ifconfig usb0, but what distro?)
>> >>
>> >> Debian Lenny
>> >>
>> >> cu,
>> >> Nick
>> >>
>> >> _______________________________________________
>> >> Openmoko community mailing list
>> >> community at lists.openmoko.org
>> >> http://lists.openmoko.org/mailman/listinfo/community
>> >
>> > _______________________________________________
>> > Openmoko community mailing list
>> > community at lists.openmoko.org
>> > http://lists.openmoko.org/mailman/listinfo/community
>>
>>
>> _______________________________________________
>> Openmoko community mailing list
>> community at lists.openmoko.org
>> http://lists.openmoko.org/mailman/listinfo/community
> 
> _______________________________________________
> Openmoko community mailing list
> community at lists.openmoko.org
> http://lists.openmoko.org/mailman/listinfo/community

More information about the community mailing list