Shorewall users - Apr 2008 - Cannot use SSH from dmz to lan

Hello,
   
  The shorewall version is shorewall-3.0.7-1 installed in Centos 5.1 (kernal
2.6.18-53.el5) on March.
   
  Number one problem is:
   
  I edited the policy file was 
   
  dmz             loc             ACCEPT          info
   
  I could use 3389 remote desktop to loc Windows 2003 server but
couldn''t use SSH (22 port) to loc Linux server. Also I tried open that
two ports in rules file but still couldn''t made the connection between
dmz to loc.
   
  Here is the log, the log displayed dmz2loc was ACCEPT:
   
  Apr 26 18:40:33 shorewall kernel: Shorewall:dmz2loc:ACCEPT:IN=eth0 OUT=eth1
SRC=192.168.0.14 DST=172.16.1.245 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=8559 DF
PROTO=TCP SPT=3799 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0

   
  Thanks

       
---------------------------------
出差或去旅遊時，你可以隨時隨地用全新的 Yahoo! Messenger 網上版 跟你的朋友即時通訊及查詢對話訊息紀錄!

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don''t miss this year''s exciting event. There''s still
time to save $100.
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone

Wilson Kwok wrote:
> Hello,
>    
>   The shorewall version is shorewall-3.0.7-1 installed in Centos 5.1
(kernal 2.6.18-53.el5) on March.
>    
>   Number one problem is:
>    
>   I edited the policy file was 
>    
>   dmz             loc             ACCEPT          info
>    
>   I could use 3389 remote desktop to loc Windows 2003 server but
couldn''t use SSH (22 port) to loc Linux server. Also I tried open that
two ports in rules file but still couldn''t made the connection between
dmz to loc.
>    
>   Here is the log, the log displayed dmz2loc was ACCEPT:
>    
>   Apr 26 18:40:33 shorewall kernel: Shorewall:dmz2loc:ACCEPT:IN=eth0
OUT=eth1 SRC=192.168.0.14 DST=172.16.1.245 LEN=48 TOS=0x00 PREC=0x00 TTL=127
ID=8559 DF PROTO=TCP SPT=3799 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Use wireshark (ethereal) to work out whether you''re getting packets in
reply.  If the Windows box works, but the Linux box doesn''t, most
likely
the problem is routing or something like that.

Paul



-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don''t miss this year''s exciting event. There''s still
time to save $100.
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone

On Sat, Apr 26, 2008 at 10:41:45AM +0800, Wilson Kwok
wrote:
> Hello,
>    
>   The shorewall version is shorewall-3.0.7-1 installed in Centos 5.1
(kernal 2.6.18-53.el5) on March.
>    
>   Number one problem is:
>    
>   I edited the policy file was 
>    
>   dmz             loc             ACCEPT          info
>    
>   I could use 3389 remote desktop to loc Windows 2003 server but
couldn''t use SSH (22 port) to loc Linux server. Also I tried open that
two ports in rules file but still couldn''t made the connection between
dmz to loc.
>    
>   Here is the log, the log displayed dmz2loc was ACCEPT:
>    
>   Apr 26 18:40:33 shorewall kernel: Shorewall:dmz2loc:ACCEPT:IN=eth0
OUT=eth1 SRC=192.168.0.14 DST=172.16.1.245 LEN=48 TOS=0x00 PREC=0x00 TTL=127
ID=8559 DF PROTO=TCP SPT=3799 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
> 
>    
Did you have a look at Shorewall FAQ #2?

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don''t miss this year''s exciting event. There''s still
time to save $100.
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone