Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Hi, I have a Linksys WRT54G router with 3 clients:
a FC3 laptop (wireless), a FC4 desktop (wireless), and a RH9 box
sitting next to the router and connected via Ethernet wire into the
router's built-in switch.
When I SSH between the wireless laptop and desktop, the 'last login from'
message correctly displays the IP address of the connecting computer.
However, when I SSH to the wired RH9 box from my wireless computers, it always says that the last
login came from 192.168.2.1 (the router).
This causes a problem. I like to use ssh-keygen to generate public/private keys so I don't have to type passwords for SSH logins.
This would work if the computers were directly connected via crossover cable or something.
But because the computers are connecting through the router, I (this is my idea of a fix) have to
somehow generate a public key for the router.
The router, by the way, is using alchemy firmware, so I can ssh into the router.
I tried generating a public key on the router, but that didn't work.
I guess the router makes some kind of masquerade... If you don't plan to remove it, you can configure a tunnel to reach the server. Or just generate keys on the wireless machines and add an entry on the server to accept the keys, but use them for the 192.168.2.1 address. You then need one pair of keys for one user on the wireless ones.
Are you sure the machines are configured correctly? It seems to me that no masquerade should be involved within the internal network. What does the 'route' command say for the machines involved?
Why don't you just generate keys and make them valid for the whole 192.168.2.0/24 network? This network could never appear on the real-world side of things, so your ISP should be blocking packets (and any smart router will do the same).
Masquerading is just another word for routing. It's what routers do for a living. My PC is currently attached to a WRT54G and the route command says
% route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
default         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
So any packet sent to an address 192.168.1.* should get there directly. If the address does not match this pattern the packet goes to the default address 192.168.1.254 (which is the WRT54G in this case). The router then passes it upstream to the ISP. Externally the packet appears to have come from the router. So the internal PC is hiding or 'masquerading' behind the router.
If you only have the default route then even internally it may look like all packets are coming from the router.
I only know how to use ssh-keygen to generate keypairs for a single computer, not a whole network. Could someone show me how to generate keys for my entire 192.168.2.0/255.255.255.0 network?
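An added example, not part of the thread: a key pair made by ssh-keygen is not tied to any address, and a source restriction only exists if an authorized_keys entry on the server carries a from="..." option. The Python sketch below models how that option is evaluated against the source address the server sees (192.168.2.1 when the router masquerades the connection). The key blobs, key comments and function names are constructed for illustration, and only IP, CIDR and wildcard patterns are handled, not hostnames.

```python
import fnmatch
import ipaddress
import re

# Constructed sample authorized_keys content; key blobs are placeholders.
SAMPLE = '''\
from="192.168.2.0/24" ssh-rsa AAAAB3PLACEHOLDER1 laptop-key
from="192.168.2.1" ssh-rsa AAAAB3PLACEHOLDER2 desktop-key
from="192.168.2.*,!192.168.2.1" ssh-rsa AAAAB3PLACEHOLDER3 no-router-key
ssh-rsa AAAAB3PLACEHOLDER4 unrestricted-key
'''

FROM_RE = re.compile(r'from="([^"]*)"')


def pattern_matches(pattern, addr):
    """True if one from= pattern (CIDR or */? wildcard) matches addr."""
    if "/" in pattern:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return fnmatch.fnmatchcase(addr, pattern)


def from_allows(pattern_list, addr):
    """Evaluate a comma-separated list; a negated match always rejects."""
    allowed = False
    for pat in pattern_list.split(","):
        pat = pat.strip()
        if pat.startswith("!"):
            if pattern_matches(pat[1:], addr):
                return False
        elif pattern_matches(pat, addr):
            allowed = True
    return allowed


def keys_accepting(authorized_keys, source_addr):
    """Comments of the keys usable from source_addr as the server sees it."""
    accepted = []
    for line in authorized_keys.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = FROM_RE.search(line)
        # No from= option means the key is accepted from any address.
        if m is None or from_allows(m.group(1), source_addr):
            accepted.append(line.split()[-1])
    return accepted
```

A key restricted to the /24 keeps working whether the server sees the client's own address or the router's, while a key pinned to one address breaks as soon as the observed source changes.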