Originally I was having problems reaching servers via ssh; as it turns
out, ssh uses privileged ports for its return connection. We were
blocking all ports less than 1024, so I fixed this by adding:

        permit tcp any any lt 1024 established

to our access list, which has fixed the problem, allowing the router to
pass packets for established connections only back into our network. 

Alternately, a more secure way of solving this is to use just SSH -P from
inside hosts.

Thanks to all who helped!

-john
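
The following is an added example, not part of the original post: a small Python model of how a router evaluates the posted rule. `established` is a check on TCP flags (ACK or RST set); the router keeps no session table. Only the first rule comes from the post; the other two rules, the port numbers and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# TCP flag bits
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    dport_lt: Optional[int]   # match destination port < N; None = any port
    established: bool         # IOS "established": ACK or RST bit must be set

    def matches(self, dport: int, flags: int) -> bool:
        if self.dport_lt is not None and dport >= self.dport_lt:
            return False
        if self.established and not flags & (ACK | RST):
            return False
        return True

# Inbound list. Rule 1 is the line from the post; rules 2 and 3 are
# assumptions reconstructed from its description of the existing filter.
ACL = [
    Rule("permit", 1024, True),    # permit tcp any any lt 1024 established
    Rule("deny", 1024, False),     # the existing block on ports below 1024
    Rule("permit", None, False),   # assumed: remaining TCP traffic allowed
]

def evaluate(dport: int, flags: int, acl=ACL) -> str:
    """Return the action of the first matching rule (first match wins)."""
    for rule in acl:
        if rule.matches(dport, flags):
            return rule.action
    return "deny"  # implicit deny at the end of every access list

# Constructed sample packets arriving from outside the network
SAMPLES = [
    ("server reply to inside ssh client on port 1022", 1022, SYN | ACK),
    ("later data segment of the same session", 1022, ACK | PSH),
    ("new inbound connection to inside port 23", 23, SYN),
    ("ACK segment with no session behind it", 513, ACK),
]

def run():
    return [(desc, evaluate(dport, flags)) for desc, dport, flags in SAMPLES]

if __name__ == "__main__":
    for desc, verdict in run():
        print(f"{verdict:6}  {desc}")
```

The last sample is permitted because the match is on flags alone, which is the sense in which keeping the inside client's source port above 1023 is the stricter option.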



