Hey fellas, and girls ... I have been struggling with this for a few days now and I just can't seem to figure it out. :-(
I want to be able to SSH from the INTERNET to a SERVER on my LOCAL LAN, behind a SHOREWALL firewall.

I have MASQ working great and all users can access the internet from the LOCAL LAN. I also have PORT FORWARDING working for an HTTP/HTTPS SERVER on our LOCAL LAN, through the FIREWALL.

This used to work with TWO CONSUMER ROUTERS, "nested" within each other. The only difference now is ... I replaced the "INTERNAL ROUTER" with a SHOREWALL FIREWALL. I used the 2NIC configuration help guidelines. Technically my "TESTING COMPUTER" in my diagram is part of the DMZ, right?

My Question ... how can I SSH from the INTERNET to my LOCAL LAN via port 22? I will change the port to something else externally later, but you can show that too. I am sure both are very similar.

Also, I can't seem to SSH from the TESTING computer either. Why? I try SSH'ing from the testing computer to ... 192.168.2.7 port 22.

When I look here ...

    Chain PREROUTING (policy ACCEPT 2408 packets, 153K bytes)
     pkts bytes target  prot opt in      out  source      destination
        0     0 DNAT    tcp  --  enp2s8  *    0.0.0.0/0   192.168.2.11   tcp dpt:22 to:10.0.0.42:22

I see "0 packets".

On my FIREWALL ... enp2s8 (WAN) and enp2s3 (LAN)

Here is my setup ...
-------------------       ------------------------------
|                 |       |                            |
|    INTERNET     |-------|       HOME COMPUTER        |
|                 |       | (Trying to SSH from here)  |
-------------------       ------------------------------
         |
         |
-----------------------------------------------
| 77.x.x.x              PORTFORWARDING        |
| ISP SUPPLIED          SOURCE TCP 22         |
| MODEM/ROUTER          192.168.2.7           |
| 192.168.2.1           DEST TCP 22           |
-----------------------------------------------
         |
         |                  ----------------------------------
         |                  | TESTING Computer               |
         |------------------| 192.168.2.11                   |
         |                  | (I want to SSH from here too)  |
         |                  ----------------------------------
         |
--------------------
| 192.168.2.7      |
| ROUTER/FIREWALL  |
| MODEM/ROUTER     |
| 10.0.0.15        |
--------------------
         |
         |
--------------------------
| 10.0.0.42              |
| SSH SERVER             |
| (I can't reach here)   |
--------------------------
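
An added diagnostic example, not part of the original post: it parses the PREROUTING line quoted in the message and lists which match fields reject a given packet, which is one way to explain a zero packet counter. The sample packets and the 203.0.113.5 source address are constructed; 192.168.2.7 as the firewall's WAN address and enp2s8 as its WAN interface are taken from the post. Negated matches and `+` interface wildcards are not handled.

```python
import ipaddress
import re

# Rule line from the post's PREROUTING listing (iptables -t nat -L -n -v layout).
RULE = "0 0 DNAT tcp -- enp2s8 * 0.0.0.0/0 192.168.2.11 tcp dpt:22 to:10.0.0.42:22"

def parse_dnat(line):
    """Extract the fields of one verbose DNAT rule line that decide a match."""
    f = line.split()
    if len(f) < 9 or f[2] != "DNAT":
        raise ValueError("not a DNAT rule line: %r" % line)
    extra = " ".join(f[9:])
    dpt = re.search(r"\bdpt:(\d+)", extra)
    to = re.search(r"\bto:(\S+)", extra)
    return {
        "pkts": f[0], "proto": f[3], "in": f[5],
        "source": ipaddress.ip_network(f[7], strict=False),
        "destination": ipaddress.ip_network(f[8], strict=False),
        "dport": int(dpt.group(1)) if dpt else None,
        "to": to.group(1) if to else None,
    }

def mismatches(rule, pkt):
    """Return the rule fields that reject pkt; an empty list means the rule fires."""
    bad = []
    if rule["in"] not in ("*", pkt["in"]):
        bad.append("in")
    if rule["proto"] not in ("all", pkt["proto"]):
        bad.append("proto")
    if ipaddress.ip_address(pkt["src"]) not in rule["source"]:
        bad.append("source")
    if ipaddress.ip_address(pkt["dst"]) not in rule["destination"]:
        bad.append("destination")
    if rule["dport"] is not None and rule["dport"] != pkt["dport"]:
        bad.append("dport")
    return bad

# Constructed packets, as they would arrive on the firewall's WAN interface.
PACKETS = {
    "testing computer -> 192.168.2.7:22":
        {"in": "enp2s8", "proto": "tcp", "src": "192.168.2.11", "dst": "192.168.2.7", "dport": 22},
    "internet client, forwarded by ISP router -> 192.168.2.7:22":
        {"in": "enp2s8", "proto": "tcp", "src": "203.0.113.5", "dst": "192.168.2.7", "dport": 22},
}

if __name__ == "__main__":
    rule = parse_dnat(RULE)
    for name, pkt in PACKETS.items():
        bad = mismatches(rule, pkt)
        print(name, "=>", "DNAT to " + rule["to"] if not bad else "no match on: " + ", ".join(bad))
```

For both constructed packets the only rejecting field is the destination match, which is consistent with the zero counter in the listing.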