This allows an individual to SSH directly to the external IP address, using port 24, and Dachstein has an explicit rule to forward port 24 (ssh traffic only) to the internal_ssh_server ... actually works quite nicely, and is essentially the same thing as the DNAT under Shorewall, except that you don't have to change the SSHd server on the internal box to 24, you leave it as 22 (if I recall correctly).
Sorry to throw in my 2 cents into the thread... joey ----- Original Message ----- From: M Lu <[EMAIL PROTECTED]> Date: Tuesday, August 16, 2005 7:30 am Subject: Re: [leaf-user] Port-forwarding ssh thru Dachstein > I do not remember Dachstein very well but just wonder why you have > > >> EXTERN_SSH_PORT=24? > > Also I have seen some ISPs rejecting SSH traffic so consider that > possibility too. You can test that by temporary portforwarding some > other > port (e.g. 80 as you know for sure 80 is allowed) to 22 and test > SSH client > with port 80. > > > > ----- Original Message ----- > From: "Earl Wilson" <[EMAIL PROTECTED]> > To: <leaf-user@lists.sourceforge.net> > Sent: Monday, August 15, 2005 11:04 PM > Subject: Fw: [leaf-user] Port-forwarding ssh thru Dachstein > > > .. > >> TCP services open to outside world > >> # Space seperated list: srcip/mask_dstport > >> EXTERN_TCP_PORTS="0/0_21 0/0_80 0/0_22" > >> > >> > >> (next 2 lines show open ports that are working w/no issues) > >> > >> INTERN_FTP_SERVER=192.168.1.4 # Internal FTP server to make > available>> INTERN_WWW_SERVER=192.168.1.200 # Internal WWW server > to make > > available > >> > >> > >> INTERN_SSH_SERVER=192.168.1.200 # Internal SSH server to make > > available > >> EXTERN_SSH_PORT=24 # External port to use for internal > > SSH > >> access > >> > >> > > > ------------------------------------------------------- > SF.Net email is Sponsored by the Better Software Conference & EXPO > September 19-22, 2005 * San Francisco, CA * Development Lifecycle > PracticesAgile & Plan-Driven Development * Managing Projects & > Teams * Testing & QA > Security * Process Improvement & Measurement * > http://www.sqe.com/bsce5sf------------------------------------------ > ------------------------------ > leaf-user mailing list: leaf-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/leaf-user > Support Request -- http://leaf-project.org/ > ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
