unable to SSH to machine over LAN

Hi santanu,
Thank you for your reply. I am confused really, that's why my description was confusing!

So:
1. I am testing ssh from one computer to itself typing "ssh me@localhost" (hostname, in this case), and when i try to ssh to the other mac in the LAN i type "ssh username@10.0.1.7" (IP in this case) because that is what it told me to do in the Sharing prefs pane;
2. The D-Link is a cable modem and router, but it is configured as a bridge, so i think it only plays the modem role, right?
3. I am using DHCP everywhere;
4. The TC is providing the DHCP service in the LAN;
5. Well, i don't know how to discover the D-Link LAN IP address without connecting it directly by a cable to my Macbook (thus removing the TC completely from the LAN). When i do this, i am able to access the D-Link web configuration interface at 10.1.1.1. Looking at the Sharing pref pane with the LAN set up as described in 2, 3 and 4, it says the router address is 10.0.1.1, i supose this is the TC's IP in the LAN. In the Airport Utility it says "my" IP is 201.29.131.242, i guess that is the IP address the ISP assigned to my router (the TC).
6. That would be 201.29.131.242, right? It changes from time to time, the TC drops the connection sometimes. Not a TC problem, the ISP is not that good here.

I understood the directions on how to change the subnet mask in the TC, but to do that i have to select "connect using ethernet" first, otherwise it will not show the "configure IPv4" option. I am using "connect using PPPoE", and i type in my username and password (required by the ISP). Is there a different way to set this up if i need to provide a username and password?
Connection sharing is greyed out (using PPPoE), but it reads "share a public IP address".

If you need me to do any troubleshooting, please just tell me. Thank you for your help.

Hey santanu,
I will try that and post the results in a couple of hours (i must keep the internet working right now).
Thanks again!

Hey Santanu,
Back from work, kid asleep, then i changed the configuration as you instructed.

I see the D-Link is now the router, and the TC is acting only as a switch (both wired and wireless), right? What i have now is:
- The D-Link has my username and password, and i can access its web interface. All seems right.
- The TC shows its green light. I has an IP of 10.1.1.35 (which i gave it since the D-Link web interface says "end IP address 10.1.1.34" in its DHCP config page).
- I set the TC's subnet mask to match the D-Link's, both show 255.0.0.0. Router and DNS addresses in the TC are set to 10.1.1.1 (the D-Links IP address).

After this i pasted the ifconfig comand (with the typo corrected). The result, as far as i can tell, was that a inet 10.1.1.x comand was issued at each machine, were x is the machine end IP number as assigned by the router.

Unfortunately, i still can't connect with ssh. The verbose result is (from machine 10.1.1.3 to 10.1.1.8):

macbook-eduardo:~ eduardo$ ssh -v eduardo@10.1.1.8
OpenSSH_5.1p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to 10.1.1.8 [10.1.1.8] port 22.
debug1: connect to address 10.1.1.8 port 22: Operation timed out
ssh: connect to host 10.1.1.8 port 22: Operation timed out

Now i would have to ask three questions:
1. Did i follow your instructions correctly?
2. I would have to change the subnet mask to 255.255.0.0 so my wife's VPN works right (some time ago, it wouldn't connect with 255.0.0.0, and changing it to 255.255.0.0 made the trick). I tried this, changing the value in the D-Link, the TC, and renewing the Mac's DHCP concession, and even the internet would be inaccessible. Can i use a different subnet mask?
3. Even if your configuration works, which will be a great improvement, there would be one small thing: my D-Link is like 10 years old, and it isn't UPnP. I bought the TC mainly because it has NAT/PMP and i can use Lighthouse to forward ports efforlessly. Using the D-Link as the router defeats the purpose of having bought the TC!

Thanks again for your time and patience.

- disregard this one please -

Ok, i decided to reboot the Macs - it looked like that ifconfig command was an elegant way to do the same as rebooting. Rebooting solved the problem: i can now ssh in the LAN (and outwards too).

Now only two questions remain: 2 and 3 above. Can i have a more restrictive subnet mask (255.255.0.0 for example)? Is there a way to make it all work, and keep the NAT-PMP capabilities as when i have the TC working as a router?

Hi Santanu,

Thank you for your explanation on the subnet mask, that was enlightening. And of course thank you for helping me sort the problem out. Now even my wife's VPN is working fine.

santanu wrote:
So, does it simply mean your D-Link router can't do NAT thing? What thing you think missing not having UPnP?

This Light house program (please see here: http://www.codelaide.com/blog/products/lighthouse ) is a dynamic port forwarding utility: if the router in UPnP or NAT-PMP the program controls it, and you can turn port forwarding on and off with a single click. No need to go into the router's configuration interface or reboot it.
Now i can do the port forwarding by typing 10.1.1.1 in the browser and setting port forwarding, and i also have to set some static IP addresses in the LAN. But with UPnP all i have to do is click on my menubar!

santanu wrote:
You can just have a modem this time ( not the modem/router that you presently have) and then let TC to do the NAT, DHCP etc. Does it make any sense to you?

Oh, i didn't understand thi one. When i had my old configuration, before you helped me, my D-Link which is a modem/router was in bridge mode - doesn't that mean it is acting as a modem only? And i did have my TC configured to do the NAT and DHCP! That setup was causing the problems, right?
Now , after you helped me out, i have the D-Link configured to act as the modem and do the NAT & DHCP thing, and the TC is just a switch. If i buy a new modem which is a modem only (not a router too), i will go back to my old setup, won't i?

Thank you again for your time and patience in walking me through all this.

Hey santanu,

All of your help was very useful, thank you. I got my network working! I will try to set it up with the D-Link as a bridged modem and the TC as the router again, to see what happens, but if it doesn't work i know how to go back.

Thanks a lot!

I have the firewall on on both my Mini and my Macbook (with remote login enabled in the Sharig pane). Both work after following santanu's instructions.

However, i have one more piece of info to share: i took my Macbook on the road and connected in a hotel room. Back home, i plugged into my network: i could ssh from my Macbook to my Mini, but not from my Mini to my Macbook.
I closed my session in the Macbook and started again, but nothing changed. Then i rebooted my Macbook, and all came back to normal.

So it looks like it's not the setup at home, or at least it is not only the setup at home. I hope there is a gracefull method of getting things back to normal after a trip - a command line script or something like the command santanu directed me to issue before, so i don't have to reboot every time i come back home.

I still have to test the network again in my original configuration (TC as router, bridged modem) and reboot all machines to see if i can get ssh working in that setup too. Please standby for the results...