I think you meant this to go to the plug list...

Joe

--- Steve Holmes wrote:
> From: Steve Holmes
> To: speakup@braille.uwo.ca
> Subject: SSH and Firewalls?
> Date: Tue, 11 Jun 2002 07:07:39 -0700
>
> Question about running ssh over a masqueraded network:
>
> I have a Linux box that serves as the "point" machine for my network
> on which I forward ports with ipchains (2.2 kernel) to inside
> machines which each run sshd. My outside machine currently is not
> running ssh yet. If the default policy on my input chain is ACCEPT, I
> can successfully forward non-standard ports through to specific
> machines and establish ssh sessions on them with no problems. If I
> default the input chain to DENY, as is done in endoshield script, the
> connections time out and I cannot connect. In both cases, I forward
> the same ports.
>
> Bottom line, if I use endoshield and add on the ipfwadm commands to
> forward the ports mentioned above, connections time out; if I do not
> use endoshield but use a simpler script that basically leaves the
> input chain wide open, I can establish the ssh sessions - no problem.
>
> Any ideas out there, despite this confusing message?
> ________________________________________________
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss