Subnet access from GREEN network

Hi,

I have my main green network 192.168.255.0/24 and a separate subnet 192.168.2250/24.

I have one server with 2 NICs: one connects to green and the other connects to the subnet, so the green network has no direct access to the subnet.

What I’d like to do is allow ssh access to the subnet.

So I thought setting a rule allowing access between the green and the subnet using TCP on port 22 would do the trick.

But alas no, I’ve tried many permutations (enabling/disabling NAT etc.) but cannot get a reply from the subnet and I’m unsure where it’s getting blocked. I know SSH is working on the machine I wish to access and UFW is not enabled on that machine either.

Any pointers from the network gurus will be gratefully received.

Cheers

I am presuming that the separate subnet is supposed to be 192.168.225.0/24

Then your firewall rules need to be set up on that server as it has the two subnets connected to it and it has to carry out the routing to the separate subnet as only it will know about that separate subnet.

1 Like

:flushed_face: Sorry, been a long day: yes, it’s supposed to be 192.168.225.0/24.

I thought with UFW turned off then it would allow traffic, I’ll go and check it out and report back.

Thanks for taking the time to reply.

No it doesn’t work like that.

If you have two nics on a system and nothing else defined then one of those two nics will end up being the default gateway for connections and nothing will connect to the other nic as there is no routing info.

If you want to be able to access the other nic from systems on the first nic, you will need to create some routing rules on that server to do that so that it acts as a router between those two subnets. I believe that if there are no firewall rules then the routing information will allow anything on your green network to access anything on the separate subnet on the 2nd nic.

1 Like

You can simply declare your 2nd NIC on the Orange network and create the ssh access rule

The Green network has access to Orange by default

1 Like

The second nic is not on his IPFire system but on a server running on the green IPFire network.

Sorry, I misread.

So it’s a routing issue on the server, nothing to do with IPFire.

2 Likes

Sorry, I wasn’t supposed to write this here.

A simple diagram describing what kind of connection you want to make would be useful.

1 Like

ip route add 192.168.225.0/24 via 192.168.255.10

If your server address on green is 192.168.255.10

Please remember that the host between 192.168.255.0/24 and 192.168.225.0/24 must support this (routing)

1 Like
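
Added example, not written by any poster in this thread: what "acting as a router" could look like on the dual-homed server when only SSH from green should reach the subnet. The interface names `eth0`/`eth1` and the use of iptables on that server are assumptions; the two networks are the ones named above.

```shell
#!/bin/sh
# Run on the dual-homed server. Prints the commands by default;
# set DRY_RUN=0 and run as root to apply them.
GREEN_NET="192.168.255.0/24"     # green network, from the thread
SUBNET="192.168.225.0/24"        # separate subnet, from the thread
GREEN_IF="${GREEN_IF:-eth0}"     # assumption: NIC attached to green
SUBNET_IF="${SUBNET_IF:-eth1}"   # assumption: NIC attached to the subnet
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Returns 0 when the kernel forwards IPv4 packets between interfaces.
# Optional argument: path to read instead of the real /proc entry.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

setup_router() {
    # Without this the server never passes packets from one NIC to the other.
    run sysctl -w net.ipv4.ip_forward=1
    # Default-deny forwarding, then open only what is wanted.
    run iptables -P FORWARD DROP
    # Replies to connections that were already allowed.
    run iptables -A FORWARD -i "$SUBNET_IF" -o "$GREEN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # SSH from green to the subnet, nothing else.
    run iptables -A FORWARD -i "$GREEN_IF" -o "$SUBNET_IF" \
        -s "$GREEN_NET" -d "$SUBNET" -p tcp --dport 22 -j ACCEPT
}

# Hosts in SUBNET also need a route back to GREEN_NET via this server's
# address on that subnet (or this server as their default gateway);
# otherwise the SSH replies never return.
setup_router
forwarding_enabled || echo "note: ip_forward is currently 0 on this host"
```

The green side still needs the `ip route add 192.168.225.0/24 via ...` entry from the post above, and neither the sysctl nor the iptables rules survive a reboot unless they are persisted.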