Fwd: SSH and Firewalls?
jtannenba
plug-discuss@lists.plug.phoenix.az.us
Wed, 12 Jun 2002 08:42:18 -0700 (PDT)
I think you meant this to go to the plug list...
Joe
--- Steve Holmes <steve@holmesgrown.com> wrote:
> From: Steve Holmes <steve@holmesgrown.com>
> To: speakup@braille.uwo.ca
> Subject: SSH and Firewalls?
> Date: Tue, 11 Jun 2002 07:07:39 -0700
>
> Question about running ssh over a masqueraded network:
>
> I have a linux box that serves as the "point" machine for my network
> on which I forward ports with ipchains (2.2 kernel) to inside
> machines which each run sshd. My outside machine currently is not
> running ssh yet. If the default policy on my input chain is ACCEPT, I
> can successfully forward non-standard ports through to specific
> machines and establish ssh sessions on them with no problems. If I
> default the input chain to DENY, as is done in the endoshield script,
> the connections time out and I cannot connect. In both cases, I
> forward the same ports.
>
> Bottom line, if I use endoshield and add on the ipfwadm commands to
> forward the ports mentioned above, connections time out; if I do not
> use endoshield but use a simpler script that basically leaves the
> input chain wide open, I can establish the ssh sessions - no problem.
>
> Any ideas out there, despite this confusing message?