W dniu 2018-06-25 o 16:32, Tom Eastep pisze:
On 06/25/2018 12:15 AM, Bern D wrote:
Hi,
I use Ubuntu server 18.04 which is configured as a home router, gate,
firewall.
My ISP give me local IP address 192.168.15.145 which is seen from the
internet as public address 46.xxx.xxxx.xxxx.
I can login on my Ubuntu server (SSH) from local LAN or WLAN hosts
(using 10.10.10.1 and port 2225)
but cannot login using public address 46.xxx.xxx.xxxx from my LAN/WLAN.
At the same time I can login to my server using address 46.xxx.xxx.xxxx
from other devices (eg my phone or tablet connected to GSM/LTE network).
How to change Shorewall configuration to enabe SSH access to my public
address 46.xxx.xxxx.xxxx from the local hosts?
In rules:
SSH(DNAT-) loc $FW:10.10.10.1 - - 46.xxx.xxx.xxx
-Tom
Hi,
I tried to replace current line:
SSH(ACCEPT) loc $FW
in my /etc/Shorewall/rules to new line
SSH(DNAT-) loc $FW:10.10.10.1 - - 46.xxx.xxx.xxx
but received the warning and error:
sudo shorewall check
Checking using Shorewall 5.1.12.2...
....
Checking /etc/shorewall/rules...
WARNING: The destination zone (fw) is ignored in DNAT rules
/usr/share/shorewall/macro.SSH (line 9)
from /etc/shorewall/rules (line 16)
ERROR: Invalid/Unknown tcp port/service (46.xxx.xxx.xxx)
/usr/share/shorewall/macro.SSH (line 9)
from /etc/shorewall/rules (line 16)
So I added one more ' -' before address 46.xxx.xxx.xx.
The error has disappeared but warning still exists and cannot log on my
server ("Connection refused") using SSH and 46.xxx.xxx.xx address.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
