Earl Wilson wrote:

| Thanks to both of you for your help; well, I did add the "0/0_24"
| comment as suggested, but no luck, HOWEVER, I then REMOVED the sshd.lrp
| package, and was able to access the inside web server running on the
| redhat machine via ssh.
|
| Now the problem becomes how I manage my fw. Because of a lack of
| monitors, I remotely manage both the fw and the rh web server via ssh
| thru a WinXP box, so removal of the sshd.lrp package makes managing the
| fw without accessing it locally impossible. On the other hand, when I
| shut down the port forwarding of ssh traffic:
|
| #INTERN_SSH_SERVER=192.168.1.200 # Internal SSH server to make available
| #EXTERN_SSH_PORT=24              # External port to use for internal SSH access
|
| I still am unable to ssh directly into the fw; instead, I'm getting a
| connection time out-message. In an ideal world, I'd like to:
|
| 1. ssh into either the fw or the rh machine remotely;
| 2. ssh into the fw, and "piggyback" - ssh from the fw into the rh machine
|
| Can anyone at least show me what I'm doing incorrectly to not be able to
| remotely ssh into the fw?
|
| BTW, I didn't change the "0/0_22" or "0/0_24" comments from the
| "EXTERN_TCP_PORTS=" line

I run ssh on the firewall, *AND* on internal machine(s).  I use port 22x
instead of port 24, but the theory is the same.  I also change the
destination port while port-forwarding so the internal machine can still run
ssh on the default port 22 (I access the machines more from the internal
network than outside, and running ssh on an alternate port would be annoying).

As always, you must both allow the traffic through the firewall, as well as
set up appropriate port-forwarding rules.  Also, there are several ways to
do this, as many features of the Dachstein network.conf overlap.

The settings I use in /etc/network.conf to do this:

# To port-forward to the internal machine
INTERN_SERVERS="tcp_${EXTERN_IP}_221_10.28.18.10_22
                tcp_${EXTERN_IP}_222_10.28.18.33_22"

# To allow the outside world to access the services
EXTERN_TCP_PORTS="0/0_ssh 0/0_221 0/0_222"

...of course, you can make the firewall rules more restrictive, if desired.

--
Charles Steinkuehler
[EMAIL PROTECTED]


leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user