Earl Wilson wrote:
| Thanks to both of you for your help; well, I did add the "0/0_24"
| comment as suggested, but no luck, HOWEVER, I then REMOVED the sshd.lrp
| package, and was able to access the inside web server running on the
| redhat machine via ssh.
|
| Now the problem becomes how I manage my fw. Because of a lack of
| monitors, I remotely manage both the fw and the rh web server via ssh
| thru a WinXP box, so removal of the sshd.lrp package makes managing the
| fw without accessing it locally impossible. On the other hand, when I
| shut down the port forwarding of ssh traffic:
|
| #INTERN_SSH_SERVER=192.168.1.200 # Internal SSH server to make available
| #EXTERN_SSH_PORT=24 # External port to use for internal SSH access
|
| I still am unable to ssh directly into the fw; instead, I'm getting a
| connection time-out message. In an ideal world, I'd like to:
|
| 1. ssh into either the fw or the rh machine remotely;
| 2. ssh into the fw, and "piggyback" - ssh from the fw into the rh machine
|
| Can anyone at least show me what I'm doing incorrectly to not be able to
| remotely ssh into the fw?
|
| BTW, I didn't change the "0/0_22" or "0/0_24" comments from the
| "EXTERN_TCP_PORTS=" line

I run ssh on the firewall, *AND* on internal machine(s). I use port 22x instead of port 24, but the theory is the same. I also change the destination port while port-forwarding so the internal machine can still run ssh on the default port 22 (I access the machines more from the internal network than outside, and running ssh on an alternate port would be annoying).

As always, you must both allow the traffic through the firewall, as well as set up appropriate port-forwarding rules. Also, there are several ways to do this, as many features of the Dachstein network.conf overlap.
The settings I use in /etc/network.conf to do this:

# To port-forward to the internal machine
INTERN_SERVERS="tcp_${EXTERN_IP}_221_10.28.18.10_22 ~ tcp_${EXTERN_IP}_222_10.28.18.33_22"

# To allow the outside world to access the services
EXTERN_TCP_PORTS="0/0_ssh 0/0_221 0/0_222"

...of course, you can make the firewall rules more restrictive, if desired.

--
Charles Steinkuehler
[EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
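An added example (not from this thread or the LEAF project) that checks the two requirements Charles describes against a constructed network.conf fragment: every INTERN_SERVERS forward needs a matching EXTERN_TCP_PORTS entry, and forwarding external port 22 would capture the firewall's own sshd, which is the symptom Earl reports. It assumes `~` separates INTERN_SERVERS entries and that only the `ssh` service name needs resolving to a number.

```python
from typing import NamedTuple

# Constructed sample modelled on the network.conf lines above; the external
# address is a documentation placeholder (TEST-NET-3), not a real host.
EXTERN_IP = "203.0.113.5"
INTERN_SERVERS = "tcp_${EXTERN_IP}_221_10.28.18.10_22 ~ tcp_${EXTERN_IP}_222_10.28.18.33_22"
EXTERN_TCP_PORTS = "0/0_ssh 0/0_221 0/0_222"

# Service names allowed in place of a port number (assumed subset of /etc/services).
SERVICE_PORTS = {"ssh": 22}


class Forward(NamedTuple):
    proto: str
    ext_ip: str
    ext_port: int
    int_ip: str
    int_port: int


def parse_port(token: str) -> int:
    return SERVICE_PORTS[token] if token in SERVICE_PORTS else int(token)


def parse_intern_servers(value: str, extern_ip: str) -> list:
    """Parse proto_extip_extport_intip_intport entries ('~' treated as a separator: assumption)."""
    forwards = []
    # Substitute ${EXTERN_IP} first: its own underscore would otherwise break the split.
    for entry in value.replace("${EXTERN_IP}", extern_ip).replace("~", " ").split():
        proto, ext_ip, ext_port, int_ip, int_port = entry.split("_")
        forwards.append(Forward(proto, ext_ip, parse_port(ext_port), int_ip, parse_port(int_port)))
    return forwards


def parse_extern_ports(value: str) -> set:
    """Parse source_port entries such as 0/0_ssh into a set of (source, port)."""
    allowed = set()
    for entry in value.split():
        source, port = entry.rsplit("_", 1)
        allowed.add((source, parse_port(port)))
    return allowed


def check_config(intern_servers: str, extern_tcp_ports: str, extern_ip: str,
                 firewall_ssh_port: int = 22) -> list:
    """Return problems: TCP forwards with no allow rule, and any forward that
    takes the external port the firewall's own sshd listens on."""
    problems = []
    allowed_ports = {port for _, port in parse_extern_ports(extern_tcp_ports)}
    for fwd in parse_intern_servers(intern_servers, extern_ip):
        if fwd.proto == "tcp" and fwd.ext_port not in allowed_ports:
            problems.append(f"external port {fwd.ext_port} -> {fwd.int_ip}:{fwd.int_port} has no EXTERN_TCP_PORTS entry")
        if fwd.proto == "tcp" and fwd.ext_port == firewall_ssh_port:
            problems.append(f"external port {fwd.ext_port} is forwarded to {fwd.int_ip}; the firewall's own sshd is unreachable from outside")
    return problems
```

Running `check_config(INTERN_SERVERS, EXTERN_TCP_PORTS, EXTERN_IP)` on the sample returns an empty list, while a forward of external port 22 or an unlisted port 24 each produce one finding.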