I think you are correct on the EXTERN_TCP_PORTS line, in fact I'm quite sure you are correct, however, instead of replacing the 0/0_22 line, it might be best to add 0/0_24, unless ssh directly to the box is not needed, again Earl will need to answer that.

Joey

----- Original Message -----
From: M Lu <[EMAIL PROTECTED]>
Date: Tuesday, August 16, 2005 8:16 am
Subject: Re: [leaf-user] Port-forwarding ssh thru Dachstein

> If Earl wants to use external port 24, then maybe he should use
>
> EXTERN_TCP_PORTS="0/0_21 0/0_80 0/0_24"
>
> instead of
>
> >> >> EXTERN_TCP_PORTS="0/0_21 0/0_80 0/0_22"
>
> Anyway, Earl will figure the port usage.
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: "M Lu" <[EMAIL PROTECTED]>
> Cc: "Earl Wilson" <[EMAIL PROTECTED]>; <[email protected]>
> Sent: Tuesday, August 16, 2005 9:04 AM
> Subject: Re: [leaf-user] Port-forwarding ssh thru Dachstein
>
> > This allows an individual to SSH directly to the external IP address,
> > using port 24, and Dachstein has an explicit rule to forward port 24
> > (ssh traffic only) to the internal_ssh_server ... actually works quite
> > nicely, and is essentially the same thing as the DNAT under Shorewall,
> > except that you don't have to change the SSHd server on the internal box
> > to 24, you leave it as 22 (if I recall correctly).
> >
> > Sorry to throw in my 2 cents into the thread...
> >
> > joey
> >
> > ----- Original Message -----
> > From: M Lu <[EMAIL PROTECTED]>
> > Date: Tuesday, August 16, 2005 7:30 am
> > Subject: Re: [leaf-user] Port-forwarding ssh thru Dachstein
> >
> >> I do not remember Dachstein very well but just wonder why you have
> >>
> >> >> EXTERN_SSH_PORT=24?
> >>
> >> Also I have seen some ISPs rejecting SSH traffic so consider that
> >> possibility too. You can test that by temporarily portforwarding some
> >> other port (e.g. 80 as you know for sure 80 is allowed) to 22 and test
> >> SSH client with port 80.
> >>
> >> ----- Original Message -----
> >> From: "Earl Wilson" <[EMAIL PROTECTED]>
> >> To: <[email protected]>
> >> Sent: Monday, August 15, 2005 11:04 PM
> >> Subject: Fw: [leaf-user] Port-forwarding ssh thru Dachstein
> >>
> >> ..
> >> >> TCP services open to outside world
> >> >> # Space separated list: srcip/mask_dstport
> >> >> EXTERN_TCP_PORTS="0/0_21 0/0_80 0/0_22"
> >> >>
> >> >> (next 2 lines show open ports that are working w/no issues)
> >> >>
> >> >> INTERN_FTP_SERVER=192.168.1.4 # Internal FTP server to make available
> >> >> INTERN_WWW_SERVER=192.168.1.200 # Internal WWW server to make available
> >> >>
> >> >> INTERN_SSH_SERVER=192.168.1.200 # Internal SSH server to make available
> >> >> EXTERN_SSH_PORT=24 # External port to use for internal SSH access
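
A check for the mismatch discussed in this thread, as an added example that is not part of the original messages or of Dachstein's own scripts. It assumes, as the replies suggest, that the port in EXTERN_SSH_PORT must also appear as a dstport in EXTERN_TCP_PORTS, and it only handles plain port numbers; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample values, copied from the settings quoted in the thread.
EXTERN_TCP_PORTS="0/0_21 0/0_80 0/0_22"
EXTERN_SSH_PORT=24

# sources_for_port LIST PORT  (hypothetical helper)
# Prints the srcip/mask part of every LIST entry whose dstport equals PORT.
sources_for_port() {
    for entry in $1; do
        case "$entry" in
            */*_*) ;;                      # expected shape: srcip/mask_dstport
            *) echo "malformed entry: $entry" >&2; continue ;;
        esac
        src=${entry%_*}                    # text before the last underscore
        port=${entry##*_}                  # text after the last underscore
        [ "$port" = "$2" ] && echo "$src"
    done
    return 0
}

# check_ssh_forward LIST PORT  (hypothetical helper)
# Returns 0 when PORT is opened by at least one entry, 1 otherwise.
check_ssh_forward() {
    srcs=$(sources_for_port "$1" "$2")
    if [ -z "$srcs" ]; then
        echo "port $2 is not listed in EXTERN_TCP_PORTS"
        return 1
    fi
    echo "port $2 open to: $(echo $srcs)"
    return 0
}

# Settings as posted: external SSH port 24 is forwarded but never opened.
check_ssh_forward "$EXTERN_TCP_PORTS" "$EXTERN_SSH_PORT" || true
# With 0/0_24 added to the list, as proposed in the replies.
check_ssh_forward "$EXTERN_TCP_PORTS 0/0_24" "$EXTERN_SSH_PORT"
```

The second call also shows which source networks can reach the forwarded port; 0/0 means any source address, which the poster may want to narrow if only known hosts need SSH access.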
