Hey fellas, and girls ...

I have been struggling with this for a few days now and I just can't
seem to figure it out. :-(

I want to be able to SSH from the INTERNET to a SERVER on my LOCAL
LAN, behind a SHOREWALL firewall.
I have MASQ working great and all users can access the internet from
the LOCAL LAN.
I also have PORT FORWARDING working for an HTTP/HTTPS SERVER on our
LOCAL LAN, through the FIREWALL.

This used to work with TWO CONSUMER ROUTERS, "nested" within each
other. The only difference now is ... I replaced the "INTERNAL ROUTER"
with a SHOREWALL FIREWALL. I used the 2NIC configuration help
guidelines. Technically my "TESTING COMPUTER" in my diagram is part of
the DMZ, right?

My question ... how can I SSH from the INTERNET to my LOCAL LAN via
port 22? I will change the port to something else externally later,
but you can show that too. I am sure both are very similar. Also, I
can't seem to SSH from the TESTING computer either. Why?
I try SSH'ing from the testing computer to ... 192.168.2.7 port 22.

When I look here ...

Chain PREROUTING (policy ACCEPT 2408 packets, 153K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  enp2s8 *       0.0.0.0/0            192.168.2.11         tcp dpt:22 to:10.0.0.42:22

I see "0 packets".

On my FIREWALL ... enp2s8 (WAN) and enp2s3 (LAN)


Here is my setup ...

--------------       ---------------------------------
|            |       |                               |
|  INTERNET  |-------|  HOME COMPUTER                |
|            |       |  (Trying to SSH from here)    |
--------------       ---------------------------------
       |
       |
--------------------------------------------
| 77.x.x.x            PORTFORWARDING       |
| ISP SUPPLIED        SOURCE TCP 22        |
| MODEM/ROUTER        192.168.2.7          |
| 192.168.2.1         DEST TCP 22          |
--------------------------------------------
       |
       |           ----------------------------------
       |           | TESTING Computer               |
       |-----------| 192.168.2.11                   |
       |           | (I want to SSH from here too)  |
       |           ----------------------------------
       |
--------------------
| 192.168.2.7      |
| ROUTER/FIREWALL  |
| MODEM/ROUTER     |
| 10.0.0.15        |
--------------------
       |
       |
--------------------------
| 10.0.0.42              |
| SSH SERVER             |
| (I can't reach here)   |
--------------------------


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
