Scott>  Heya. Regarding your firewall troubles, might I suggest that
Scott> you please give the echowall.lrp package a try, available at
Scott> ftp.echogent.com. It's expressly designed towards making an
Scott> Eiger/Dach firewall with port-forwarding as easy as possible to
Scott> set up.

I might take a look at this, but I think I know where the issue is
with my network.conf file.  

Scott>  In other words, it's meant for novice users. No offense!  Just
Scott> two of the things you wrote suggest you might be the target
Scott> audience:

I'm not sure I'm quite the target audience, but I'm not offended!  I
don't do much firewall stuff at all. 

Basically, I want port 22 on my Dachstein box to go to the sshd on the
firewall, while I want port 24 forwarded into an internal machine.

Scott>  This rule is a bit reckless: it will allow any TCP packets
Scott> from anywhere *to* anything hit your TCP port 24. Nothing
Scott> typically listens to TCP port 24 (the IANA designates it as
Scott> "any private email server"), so I suspect you either meant port
Scott> 22 for SSH, or you changed your SSHd server to listen to port
Scott> 24 instead.  In any case...allowing a TCP connection from any
Scott> address destined for any address shouldn't ever be required.

Yeah, this I know.  It's too far up in the chain and doesn't offer the
proper protection to the system.  

Scott>  Have a look at "www.echogent.com/cgi-bin/fwlog.pl" with this
Scott> packet log. It's harmless noise, which the echowall package
Scott> will actually not report about, by default.

I wish Dachstein would not log this stuff by default either, since
without it, I can actually do with a ramlog.lrp setting of 4mb, but
without it I had to up it to 16mb.  I guess I'm just on a noisy cable
modem link.

Thanks for your help, I'll look into echowall when I get a chance.

John


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user