ssh connection

Hi,
I have FreeBSD 13.1-RELEASE installed on a machine and there is NO firewall service running on it. It has two interfaces, one with a public IP and the other with a private IP. I cannot ssh into the machine from a public IP, apart from a public IP on the same network, and I can ssh into the machine from the local network, but when I ssh from any other public IP (I tried two different networks) the SYN-ACK is not sent back. Following is the tcpdump:
Code:
14:33:17.162810 00:50:56:bc:70:c5 > 04:42:1a:2d:3d:54, ethertype IPv4 (0x0800), length 74: PUBLIC-IP.4148 > PUBLIC-IP.22: Flags [S], seq 3819904479, win 65535, options [mss 1400,sackOK,TS val 4112988725 ecr 0,nop,wscale 10], length 0
14:33:21.217004 00:50:56:bc:70:c5 > 04:42:1a:2d:3d:54, ethertype IPv4 (0x0800), length 74: PUBLIC-IP.4148 > PUBLIC-IP.22: Flags [S], seq 3819904479, win 65535, options [mss 1400,sackOK,TS val 4112992757 ecr 0,nop,wscale 10], length 0
14:33:29.398306 00:50:56:bc:70:c5 > 04:42:1a:2d:3d:54, ethertype IPv4 (0x0800), length 74: PUBLIC-IP.4148 > PUBLIC-IP.22: Flags [S], seq 3819904479, win 65535, options [mss 1400,sackOK,TS val 4113000949 ecr 0,nop,wscale 10], length 0


It is the host itself, because it's the SYN-ACK packets which I can't see in the tcpdump.
 
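The capture above shows the same SYN (identical sequence number, `ecr 0`) retransmitted three times with no SYN-ACK on the interface being sniffed. The script below is an added example, not part of the thread or of FreeBSD: it parses `tcpdump -ne` lines in the format posted and lists client flows whose SYN was retransmitted without a SYN-ACK ever appearing on that interface, next to an on-link client whose handshake completes for contrast. The sample capture is constructed; the addresses (198.51.100.7, 203.0.113.10, 203.0.113.20) are documentation ranges standing in for the anonymised PUBLIC-IP values.

```python
import re
from collections import defaultdict

# One line of `tcpdump -ne` output in the shape shown in the thread:
# timestamp, MACs, ethertype, then "src.port > dst.port: Flags [..], seq N".
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) \S+ > \S+, ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\], seq (?P<seq>\d+)"
)

# Constructed sample capture (not from the thread): a remote client whose SYN is
# retransmitted three times with no SYN-ACK on this interface, and an on-link
# client whose handshake completes. Addresses are documentation ranges.
SAMPLE_CAPTURE = """\
14:33:17.162810 00:50:56:bc:70:c5 > 04:42:1a:2d:3d:54, ethertype IPv4 (0x0800), length 74: 198.51.100.7.4148 > 203.0.113.10.22: Flags [S], seq 3819904479, win 65535, options [mss 1400,sackOK,TS val 4112988725 ecr 0,nop,wscale 10], length 0
14:33:18.010044 00:50:56:bc:70:c5 > 04:42:1a:2d:3d:54, ethertype IPv4 (0x0800), length 74: 203.0.113.20.50612 > 203.0.113.10.22: Flags [S], seq 1000, win 65535, options [mss 1460,sackOK,TS val 1 ecr 0,nop,wscale 6], length 0
14:33:18.010201 04:42:1a:2d:3d:54 > 00:50:56:bc:70:c5, ethertype IPv4 (0x0800), length 74: 203.0.113.10.22 > 203.0.113.20.50612: Flags [S.], seq 2000, ack 1001, win 65535, options [mss 1460,sackOK,TS val 2 ecr 1,nop,wscale 6], length 0
14:33:21.217004 00:50:56:bc:70:c5 > 04:42:1a:2d:3d:54, ethertype IPv4 (0x0800), length 74: 198.51.100.7.4148 > 203.0.113.10.22: Flags [S], seq 3819904479, win 65535, options [mss 1400,sackOK,TS val 4112992757 ecr 0,nop,wscale 10], length 0
14:33:29.398306 00:50:56:bc:70:c5 > 04:42:1a:2d:3d:54, ethertype IPv4 (0x0800), length 74: 198.51.100.7.4148 > 203.0.113.10.22: Flags [S], seq 3819904479, win 65535, options [mss 1400,sackOK,TS val 4113000949 ecr 0,nop,wscale 10], length 0
"""


def parse_capture(text):
    """Yield one dict per TCP line tcpdump printed; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["sport"], d["dport"], d["seq"] = int(d["sport"]), int(d["dport"]), int(d["seq"])
            yield d


def handshake_summary(text):
    """Map each client->server 4-tuple that sent a SYN to what this interface saw of its handshake."""
    flows = defaultdict(lambda: {"syn_seqs": [], "synack_seen": False})
    for p in parse_capture(text):
        if p["flags"] == "S":
            key = (p["src"], p["sport"], p["dst"], p["dport"])
            flows[key]["syn_seqs"].append(p["seq"])
        elif p["flags"] == "S.":
            # A SYN-ACK travels server->client, so credit the reverse 4-tuple.
            key = (p["dst"], p["dport"], p["src"], p["sport"])
            flows[key]["synack_seen"] = True
    return dict(flows)


def stalled_handshakes(text):
    """4-tuples that retransmitted the same SYN and never got a SYN-ACK on this interface."""
    stalled = []
    for key, info in handshake_summary(text).items():
        # Retransmission: several SYNs carrying one and the same sequence number.
        retransmitted = len(info["syn_seqs"]) > 1 and len(set(info["syn_seqs"])) == 1
        if retransmitted and not info["synack_seen"]:
            stalled.append(key)
    return stalled


if __name__ == "__main__":
    for src, sport, dst, dport in stalled_handshakes(SAMPLE_CAPTURE):
        print(f"{src}:{sport} -> {dst}:{dport}: SYN retransmitted, no SYN-ACK seen on this interface")
```

The result only says that no SYN-ACK crossed the interface being sniffed. It does not say the host dropped the SYN: the reply may have left through another interface, so the same capture should be repeated on every interface (or with `tcpdump -i any` where available) before concluding the kernel never answered.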
We need a bit more information in order to start a diagnosis.

Please show us the output of netstat -rn.

Can you ping 8.8.8.8 from this host?

Do you have an appliance which connects your host or internal network to the Internet? Does it have a firewall blocking all incoming connections (which is quite usual)?
 
Yes, I can ping 8.8.8.8.
The routing table is as follows.
Code:
user@machine:~ $ netstat -nr
Routing tables

Internet:
Destination          Gateway            Flags     Netif Expire
default              10.250.10.1        UGS       vlan12
10.33.0.0/21         link#8             U         vlan7
10.33.0.1            link#8             UHS       lo0
10.250.10.0/30       link#7             U         vlan12
10.250.10.2          link#7             UHS       lo0
127.0.0.1            link#5             UHS       lo0
public-network/mask  link#10            U         vlan25
public-IP            link#10            UHS       lo0
While pinging the public IP of the machine from another machine which has a public IP, I just came to know via tcpdump that the ICMP echo request comes in on vlan25 and the ICMP echo reply goes out of vlan12. Please take a look at the following; please ignore the timestamps.

Code:
user@machine:~ $ sudo tcpdump -i vlan25 -ne icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan1025, link-type EN10MB (Ethernet), capture size 262144 bytes
10:04:13.568382  M-A-C  >  M-A-C , ethertype IPv4 (0x0800), length 98: Remote-PublicIP > PublicIP: ICMP echo request, id 87, seq 1266, length 64
10:04:14.566854  M-A-C  >  M-A-C , ethertype IPv4 (0x0800), length 98: Remote-PublicIP > PublicIP: ICMP echo request, id 87, seq 1267, length 64

Code:
user@machine:~ $ sudo tcpdump -i vlan12 -ne icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan12, link-type EN10MB (Ethernet), capture size 262144 bytes
09:45:21.021106  M-A-C  >  M-A-C , ethertype IPv4 (0x0800), length 98: PublicIP > Remote-PublicIP: ICMP echo reply, id 87, seq 139, length 64
09:45:22.091139  M-A-C  >  M-A-C , ethertype IPv4 (0x0800), length 98: PublicIP > Remote-PublicIP: ICMP echo reply, id 87, seq 140, length 64
 
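The two captures above are the whole diagnosis: the request arrives on vlan25, but the only route that matches an arbitrary remote public address is `default` via 10.250.10.1 on vlan12, so the reply (SYN-ACK or echo reply) leaves through the private side and never comes back to the sender the way it came. The script below is an added example, not part of the thread or of FreeBSD. It loads a routing table in the shape of the `netstat -rn` output posted, does the same longest-prefix-match lookup the kernel does for the reply's destination, and reports whether the reply would leave on the interface the request arrived on. The private routes match the post; the public prefix (203.0.113.0/24), the host's public address (203.0.113.10) and the remote client addresses are assumptions standing in for the anonymised values.

```python
import ipaddress

# Constructed routing table in the shape of the thread's `netstat -rn` output.
# Private routes are as posted; the public prefix, the host's public address and
# the remote addresses used below are assumptions (documentation ranges).
NETSTAT_RN = """\
Destination        Gateway            Flags     Netif Expire
default            10.250.10.1        UGS       vlan12
10.33.0.0/21       link#8             U         vlan7
10.33.0.1          link#8             UHS       lo0
10.250.10.0/30     link#7             U         vlan12
10.250.10.2        link#7             UHS       lo0
127.0.0.1          link#5             UHS       lo0
203.0.113.0/24     link#10            U         vlan25
203.0.113.10       link#10            UHS       lo0
"""


def parse_routes(text):
    """Turn the netstat table into (network, gateway, flags, netif) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] == "Destination":
            continue
        dest, gw, flags, netif = parts[:4]
        # "default" is 0.0.0.0/0; a bare address (host route) becomes a /32.
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest, strict=False)
        routes.append((net, gw, flags, netif))
    return routes


def lookup(routes, dst):
    """Longest-prefix match over the table, as the kernel's route lookup does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for route in routes:
        if addr in route[0] and (best is None or route[0].prefixlen > best[0].prefixlen):
            best = route
    return best


def reply_egress(routes, ingress_if, remote):
    """Where the reply to a packet from `remote` that arrived on `ingress_if` leaves the host.

    Returns (egress_if, gateway, symmetric). symmetric is False when the reply
    takes a different interface than the request came in on.
    """
    net, gw, flags, netif = lookup(routes, remote)
    return netif, gw, netif == ingress_if


if __name__ == "__main__":
    routes = parse_routes(NETSTAT_RN)
    # An on-link public client (works in the thread) and a remote public client (fails).
    for remote in ("203.0.113.20", "198.51.100.7"):
        netif, gw, symmetric = reply_egress(routes, "vlan25", remote)
        verdict = "symmetric" if symmetric else "ASYMMETRIC: reply leaves via another interface"
        print(f"request from {remote} on vlan25 -> reply via {netif} (gateway {gw}): {verdict}")
```

The on-link public client matches the connected 203.0.113.0/24 route and gets its reply on vlan25, which is why ssh from the same public network works; any other public address falls through to `default` and is answered out of vlan12 towards 10.250.10.1, where a NAT or filtering device on the private side will normally drop a SYN-ACK for a connection it never saw. The posted table does not show a gateway on vlan25, so the exact fix cannot be read off the thread; the usual FreeBSD options are a default route (or more specific routes) via the public side, a second FIB (`net.fibs`, `setfib`) for the public interface, or a pf rule with `reply-to` on vlan25 so replies return through the interface the request arrived on.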