Thanks to both of you for your help; well, I did add the "0/0_24"
comment as suggested, but no luck. HOWEVER, I then REMOVED the sshd.lrp
package, and was able to access the inside web server running on the
Red Hat machine via ssh.

Now the problem becomes how I manage my fw. Because of a lack of
monitors, I remotely manage both the fw and the rh web server via ssh
through a WinXP box, so removal of the sshd.lrp package makes managing the
fw without accessing it locally impossible. On the other hand, when I
shut down the port forwarding of ssh traffic:

#INTERN_SSH_SERVER=192.168.1.200 # Internal SSH server to make available
#EXTERN_SSH_PORT=24              # External port to use for internal SSH access

I still am unable to ssh directly into the fw; instead, I'm getting a
connection timeout message. In an ideal world, I'd like to:

1. ssh into either the fw or the rh machine remotely;
2. ssh into the fw, and "piggyback" ssh from the fw into the rh machine.

Can anyone at least show me what I'm doing incorrectly to not be able to
remotely ssh into the fw?

BTW, I didn't change the "0/0_22" or "0/0_24" comments on the
"EXTERN_TCP_PORTS=" line.

Earl
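An added example, not code from this thread or from the Dachstein project: a small POSIX shell check that reads the three variables being discussed (EXTERN_TCP_PORTS, INTERN_SSH_SERVER, EXTERN_SSH_PORT) from a constructed copy of the config fragment quoted further down and reports whether the forwarded SSH port is actually listed among the open external ports, and whether the firewall's own port 22 is still exposed. The config text, the function names and the result labels are constructed for this example; nothing beyond the "srcip/mask_dstport" list format quoted in the thread is assumed about how Dachstein itself applies these variables.

```shell
#!/bin/sh
# Constructed sample mirroring the variables quoted in the thread
# (not a real Dachstein config file).
SAMPLE_CONF='
# TCP services open to outside world
# Space separated list: srcip/mask_dstport
EXTERN_TCP_PORTS="0/0_21 0/0_80 0/0_22"
INTERN_SSH_SERVER=192.168.1.200 # Internal SSH server to make available
EXTERN_SSH_PORT=24              # External port to use for internal SSH access
'

# conf_value NAME CONF: print the value assigned to NAME in CONF with quotes
# and any trailing comment stripped; prints nothing when the line is absent
# or commented out with a leading '#'.
conf_value() {
    printf '%s\n' "$2" \
        | sed -n "s/^[[:space:]]*$1=//p" \
        | sed 's/#.*//; s/"//g; s/[[:space:]]*$//' \
        | head -n 1
}

# external_ports CONF: the dstport half of every srcip/mask_dstport entry
# in EXTERN_TCP_PORTS, one per line.
external_ports() {
    for entry in $(conf_value EXTERN_TCP_PORTS "$1"); do
        printf '%s\n' "${entry##*_}"
    done
}

# port_open PORT CONF: succeeds if PORT is listed in EXTERN_TCP_PORTS.
port_open() {
    external_ports "$2" | grep -qx "$1"
}

# check_ssh CONF: prints two words.
#   First word (the forward):
#     forward-off       INTERN_SSH_SERVER or EXTERN_SSH_PORT not set
#     forward-collides  EXTERN_SSH_PORT is 22, the same port the firewall's
#                       own sshd listens on, so the two compete for it
#     forward-blocked   forward configured but its port is not opened in
#                       EXTERN_TCP_PORTS
#     forward-ok        forward configured and its port is opened
#   Second word: fw-ssh-open / fw-ssh-closed, whether 22 is in EXTERN_TCP_PORTS.
check_ssh() {
    ssh_conf=$1
    ssh_server=$(conf_value INTERN_SSH_SERVER "$ssh_conf")
    ssh_port=$(conf_value EXTERN_SSH_PORT "$ssh_conf")
    if [ -z "$ssh_server" ] || [ -z "$ssh_port" ]; then
        ssh_fwd=forward-off
    elif [ "$ssh_port" = 22 ]; then
        ssh_fwd=forward-collides
    elif port_open "$ssh_port" "$ssh_conf"; then
        ssh_fwd=forward-ok
    else
        ssh_fwd=forward-blocked
    fi
    if port_open 22 "$ssh_conf"; then ssh_fw=fw-ssh-open; else ssh_fw=fw-ssh-closed; fi
    printf '%s %s\n' "$ssh_fwd" "$ssh_fw"
}

check_ssh "$SAMPLE_CONF"
```

On the quoted config (0/0_22 present, 0/0_24 absent) the check prints "forward-blocked fw-ssh-open", which lines up with the advice in the thread to add 0/0_24 rather than replace 0/0_22; with the two forward lines commented out, as in the second attempt above, it prints "forward-off fw-ssh-open".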

----- Original Message ----- 
From: <[EMAIL PROTECTED]>
To: "M Lu" <[EMAIL PROTECTED]>
Cc: "Earl Wilson" <[EMAIL PROTECTED]>;
<leaf-user@lists.sourceforge.net>
Sent: Tuesday, August 16, 2005 11:22 AM
Subject: Re: [leaf-user] Port-forwarding ssh thru Dachstein


> I think you are correct on the EXTERN_TCP_PORTS line, in fact I'm quite
> sure you are correct, however, instead of replacing the 0/0_22 line, it
> might be best to add 0/0_24, unless ssh directly to the box is not needed,
> again Earl will need to answer that.
>
> Joey
>
> ----- Original Message -----
> From: M Lu <[EMAIL PROTECTED]>
> Date: Tuesday, August 16, 2005 8:16 am
> Subject: Re: [leaf-user] Port-forwarding ssh thru Dachstein
>
> > If Earl wants to use external port 24, then may be he should use
> >
> > EXTERN_TCP_PORTS="0/0_21 0/0_80 0/0_24"
> >
> > instead of
> >
> > >> >> EXTERN_TCP_PORTS="0/0_21 0/0_80 0/0_22"
> >
> > Anyway, Earl will figure the port usage.
> >
> >
> >
> > ----- Original Message ----- 
> > From: <[EMAIL PROTECTED]>
> > To: "M Lu" <[EMAIL PROTECTED]>
> > Cc: "Earl Wilson" <[EMAIL PROTECTED]>;
> > <leaf-user@lists.sourceforge.net>
> > Sent: Tuesday, August 16, 2005 9:04 AM
> > Subject: Re: [leaf-user] Port-forwarding ssh thru Dachstein
> >
> >
> > > This allows an individual to SSH directly to the external IP address,
> > > using port 24, and Dachstein has an explicit rule to forward port 24
> > > (ssh traffic only) to the internal_ssh_server ... actually works quite
> > > nicely, and is essentially the same thing as the DNAT under Shorewall,
> > > except that you don't have to change the SSHd server on the internal box
> > > to 24, you leave it as 22 (if I recall correctly).
> > >
> > > Sorry to throw in my 2 cents into the thread...
> > >
> > > joey
> > >
> > > ----- Original Message -----
> > > From: M Lu <[EMAIL PROTECTED]>
> > > Date: Tuesday, August 16, 2005 7:30 am
> > > Subject: Re: [leaf-user] Port-forwarding ssh thru Dachstein
> > >
> > >> I do not remember Dachstein very well but just wonder why you have
> > >>
> > >> >> EXTERN_SSH_PORT=24?
> > >>
> > >> Also I have seen some ISPs rejecting SSH traffic so consider that
> > >> possibility too. You can test that by temporarily port-forwarding some
> > >> other port (e.g. 80, as you know for sure 80 is allowed) to 22 and
> > >> testing the SSH client with port 80.
> > >>
> > >>
> > >>
> > >> ----- Original Message ----- 
> > >> From: "Earl Wilson" <[EMAIL PROTECTED]>
> > >> To: <leaf-user@lists.sourceforge.net>
> > >> Sent: Monday, August 15, 2005 11:04 PM
> > >> Subject: Fw: [leaf-user] Port-forwarding ssh thru Dachstein
> > >>
> > >>
> > >> ..
> > >> >> TCP services open to outside world
> > >> >> # Space separated list: srcip/mask_dstport
> > >> >> EXTERN_TCP_PORTS="0/0_21 0/0_80 0/0_22"
> > >> >>
> > >> >>
> > >> >> (next 2 lines show open ports that are working w/no issues)
> > >> >>
> > >> >> INTERN_FTP_SERVER=192.168.1.4  # Internal FTP server to make available
> > >> >> INTERN_WWW_SERVER=192.168.1.200 # Internal WWW server to make available
> > >> >>
> > >> >>
> > >> >> INTERN_SSH_SERVER=192.168.1.200 # Internal SSH server to make available
> > >> >> EXTERN_SSH_PORT=24              # External port to use for internal SSH access
> > >> >>
> >
>
>
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> ------------------------------------------------------------------------
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
>