0

I have 2 machines running CentOS:

Machine A has two NICs: 192.168.150.1/255.255.255.0 and 192.168.1.1/255.255.255.0
Machine B has one NIC:  192.168.150.2/255.255.255.0

Machine B is connected directly to A (NIC to NIC), and has a route defined:

Destination     Gateway           Genmask
192.168.1.0     192.168.150.1     255.255.255.0

On machine A, sshd is bound to 192.168.1.1. However it's possible to ssh into 192.168.1.1 from machine B. Why could that be the case?

TCP forwarding is not enabled on Machine A. Also, machine B does not have an SSH ProxyCommand defined. Is there some other way that traffic received on 192.168.150.1 is being routed to 192.168.1.1?

Fidel
  • 373
  • 1
  • 4
  • 19
  • 2
    IP addresses are meaningless without subnet masks. Please edit your question to include that information. – EEAA Jul 04 '16 at 21:16
  • hi, You can bind sshd to particular nic sshd_config > ListenAddress to prevent "The option ListenAddress specifies the IP address of the interface network on which the ssh daemon server socket is bind. The default is 0.0.0.0; to improve security you may specify only the required ones to limit possible addresses. " like exim - listening on all interfaces by default – integratorIT Jul 05 '16 at 10:15

1 Answers1

2

Linux uses the strong end system model. IP addresses do not act in a way as if they were different machines. Instead a machine acts like it owns all its IP addresses.

Since 192.168.150.1 and 192.168.1.1 are the same machine, no forwarding or routing is needed. If you reach one, you've reached the other.

David Schwartz
  • 31,449
  • 2
  • 55
  • 84