Fwd: SSH and Firewalls?

jtannenba plug-discuss@lists.plug.phoenix.az.us
Wed, 12 Jun 2002 08:42:18 -0700 (PDT)


I think you meant this to go to the plug list...
Joe

--- Steve Holmes <steve@holmesgrown.com> wrote:
> From: Steve Holmes <steve@holmesgrown.com>
> To: speakup@braille.uwo.ca
> Subject: SSH and Firewalls?
> Date: Tue, 11 Jun 2002 07:07:39 -0700
> 
> Question about running ssh over a masqueraded network:
> 
> I have a Linux box that serves as the "point" machine for my network
> on which I forward ports with ipchains (2.2 kernel) to inside
> machines which each run sshd.  My outside machine currently is not
> running ssh yet.  If the default policy on my input chain is ACCEPT, I
> can successfully forward non-standard ports through to specific
> machines and establish ssh sessions on them with no problems.  If I
> default the input chain to DENY, as is done in the endoshield script,
> the connections time out and I cannot connect.  In both cases, I
> forward the same ports.
> 
> Bottom line: if I use endoshield and add on the ipfwadm commands to
> forward the ports mentioned above, connections time out; if I do not
> use endoshield but use a simpler script that basically leaves the
> input chain wide open, I can establish the ssh sessions - no problem.
> 
> Any ideas out there, despite this confusing message?

