On 1/31/2014 5:53 AM, "José D. Grieco" wrote: > Ok, > > tanks > > Em 31-01-2014 11:24, Roberto C. Sánchez escreveu: >> On Fri, Jan 31, 2014 at 09:23:48AM -0200, "José D. Grieco" wrote: >>> Hi, >>> >>> any advice?? >>> >>> Em 27-01-2014 14:43, "José D. Grieco" escreveu: >>> >>> Hi, Roberto, >>> >>> The 'ssh -vvv [1]jdgrieco@192.168.1.10' output is: >>> >>> OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012 >>> debug1: Reading configuration data /home/jdgrieco/.ssh/config >>> debug1: Reading configuration data /etc/ssh/ssh_config >>> debug1: /etc/ssh/ssh_config line 19: Applying options for * >>> debug2: ssh_connect: needpriv 0 >>> debug1: Connecting to 192.168.1.10 [192.168.1.10] port 22. >>> debug1: Connection established. >>> debug3: Incorrect RSA1 identifier >>> debug3: Could not load "/home/jdgrieco/.ssh/id_rsa" as a RSA1 public >>> key >>> debug1: identity file /home/jdgrieco/.ssh/id_rsa type 1 >>> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 >>> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 >>> debug1: identity file /home/jdgrieco/.ssh/id_rsa-cert type -1 >>> debug1: identity file /home/jdgrieco/.ssh/id_dsa type -1 >>> debug1: identity file /home/jdgrieco/.ssh/id_dsa-cert type -1 >>> debug1: identity file /home/jdgrieco/.ssh/id_ecdsa type -1 >>> debug1: identity file /home/jdgrieco/.ssh/id_ecdsa-cert type -1 >>> ssh_exchange_identification: read: Connection reset by peer >>> >> Hi José, >> >> I apologize for letting this drop off. Wayne does bring up some good >> points, but the fact that the connection works when clear Shorewall >> indicates that the problem may be Shorewall-related. I have not >> encountered this particular problem, so I don't have any suggestion to >> offer. I talked with Tom in IRC about this, and he and someone else >> offered a suggestion, but I no longer have the conversation available, >> and I do not recall the suggestions. >> >> If they do not reply in this thread, I recommend joining the IRC channel >> and asking your question there.
Jose: You have a bad DNAT rule that looks similar to this: DNAT net loc:192.168.0.2:3389 tcp It is missing the DESTINATION PORT(S) entry, causing *all* incoming TCP connections to be forwarded to port 3389 at 192.168.0.2. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ WatchGuard Dimension instantly turns raw network data into actionable security intelligence. It gives you real-time visual feedback on key security issues and trends. Skip the complicated setup - simply import a virtual appliance and go from zero to informed in seconds. http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users