Hi, I've just set up a basic ppp firewall/router for my office where initially I want to let everything from LAN to Internet and firewall, everything from firewall to internet, but nothing in from the internet.

It all seems to work fine accessing the internet. However, I am unable to ssh to my firewall machine: "connection refused". I can ssh from my firewall to the LAN, I can ssh to itself (to both localhost and its own internal ip).

Also, while playing with the iptables rules, clearing out, adding my own etc, I found that once I had established an SSH connection from a LAN machine to the firewall, and THEN restarted shorewall with my earlier setup, the already established ssh connection remained fully functional. So I believe sshd to be working. But again, no further connections could be made: "Connection refused".

Although I think I tried both enabling and disabling the 'auth refuse' example rule, maybe I didn't; might this help?

Any ideas are much appreciated!

Thanks
Good! There's a corrected firewall script in the errata that will catch this error in the start, restart and check commands.

-Tom

----- Original Message -----
From: "Hugh McGuirk" <hugh.mcguirk@propylon.com>
To: "Tom Eastep" <teastep@shorewall.net>
Sent: Friday, May 24, 2002 8:07 AM
Subject: RE: [Shorewall-users] SSH access to firewall

> Ah, yes, that did the trick.
>
> Thanks.
>
>
> -----Original Message-----
> From: Tom Eastep [mailto:teastep@shorewall.net]
> Sent: 24 May 2002 15:26
> To: Hugh McGuirk
> Subject: Re: [Shorewall-users] SSH access to firewall
>
>
> ----- Original Message -----
> From: "Hugh McGuirk" <hugh.mcguirk@propylon.com>
> To: "Tom Eastep" <teastep@shorewall.net>
> Sent: Friday, May 24, 2002 1:35 AM
> Subject: RE: [Shorewall-users] SSH access to firewall
>
>
> > I forgot to mention that there is nothing in the logs to indicate any
> > dropped or rejected packets.
> >
> > My POLICY file is as follows:
> >
> > loc net ACCEPT
> > loc $fw ACCEPT
> > $fw loc ACCEPT
> > $fw net ACCEPT
> > all all DROP info
> >
> > My RULES is as follows:
> >
> > #forward DNS requests from firewall to external DNS server, until internal
> > DNS cacher is set up
> > ACCEPT loc net:195.218.116.2 all 53 - 200.200.200.3
> >
>
> Hmmm -- it is a bug in Shorewall that this rule doesn't generate an error.
> The "53" is being ignored so that ALL connection requests from 'loc' to
> 200.200.200.3 are being forwarded to 195.218.116.2. Replace this with two
> rules; one for tcp and one for udp.
>
> -Tom
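The rule Tom flags above is a good illustration of a silent over-match: a DEST PORT of 53 is written, but with PROTO set to `all` no port match is possible, so every connection from `loc` to 200.200.200.3 is forwarded, not just DNS. The following checker is an added example written for this archive page, not code from the Shorewall project or from either poster. It assumes the rules-file column order shown in the quoted message (ACTION SOURCE DEST PROTO DEST PORT SOURCE PORT ORIGINAL DEST) and that `all` or `-` in the PROTO column means "no protocol restriction"; it flags rules whose port would be ignored and rewrites each into the tcp/udp pair Tom suggests. The sample rules at the bottom are constructed from the thread.

```python
# Added example (not from the Shorewall list thread or the Shorewall project):
# a small linter for the rules-file pitfall discussed above, where a DEST PORT
# is given but PROTO is "all", so the port is silently ignored and the rule
# matches far more traffic than the author intended.  The column layout
# (ACTION SOURCE DEST PROTO DEST_PORT SOURCE_PORT ORIGINAL_DEST) is an
# assumption taken from the rule quoted in the thread.
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Rule:
    action: str
    source: str
    dest: str
    proto: str = "-"
    dport: str = "-"
    sport: str = "-"
    origdest: str = "-"

    def to_line(self) -> str:
        """Render the rule back in rules-file form, dropping trailing '-' placeholders."""
        fields = [self.action, self.source, self.dest, self.proto,
                  self.dport, self.sport, self.origdest]
        while len(fields) > 3 and fields[-1] == "-":
            fields.pop()
        return " ".join(fields)


def parse_rules(text: str) -> List[Rule]:
    """Parse a rules-file body: '#' starts a comment, blank lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"rule needs at least ACTION SOURCE DEST: {raw!r}")
        rules.append(Rule(*fields[:7]))
    return rules


def port_ignored(rule: Rule) -> bool:
    """True when a port is specified but PROTO is 'all'/'-' (no L4 match is possible)."""
    has_port = rule.dport != "-" or rule.sport != "-"
    return has_port and rule.proto.lower() in ("all", "-")


def split_by_protocol(rule: Rule) -> List[Rule]:
    """Rewrite a rule whose port would be ignored into one tcp and one udp rule
    (the fix suggested in the thread); other rules are returned unchanged."""
    if not port_ignored(rule):
        return [rule]
    return [Rule(rule.action, rule.source, rule.dest, proto,
                 rule.dport, rule.sport, rule.origdest)
            for proto in ("tcp", "udp")]


def lint_rules(text: str) -> Tuple[List[str], List[str]]:
    """Return (warnings, corrected_lines) for a rules-file body."""
    warnings, corrected = [], []
    for rule in parse_rules(text):
        if port_ignored(rule):
            warnings.append(
                f"port {rule.dport!r} ignored because PROTO is {rule.proto!r}: "
                f"{rule.to_line()}")
        corrected.extend(r.to_line() for r in split_by_protocol(rule))
    return warnings, corrected


# Constructed sample: the over-matching rule from the thread plus a harmless
# tcp/22 rule for contrast (the comment is wrapped onto two '#' lines so it
# cannot itself be mistaken for a rule).
SAMPLE_RULES = """\
#forward DNS requests from firewall to external DNS server, until internal
# DNS cacher is set up
ACCEPT loc net:195.218.116.2 all 53 - 200.200.200.3
ACCEPT loc $fw tcp 22
"""

if __name__ == "__main__":
    warns, fixed = lint_rules(SAMPLE_RULES)
    for w in warns:
        print("WARNING:", w)
    print("\n".join(fixed))
```

Run on the sample, the checker emits one warning for the `all 53` rule and prints the corrected file with that rule split into a `tcp 53` and a `udp 53` line while the `tcp 22` rule passes through untouched. The same idea (refuse or rewrite any rule that names a port without a protocol) is what Tom's corrected firewall script does at start/restart/check time.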