I have these in my rules file:

ACCEPT loc fw tcp 22
ACCEPT net fw tcp 22

but I cannot ssh in from an outside IP address. What am I doing wrong?

TIA,
=C

* Cal Evans
* Stay plugged into your audience.
* http://www.christianperformer.com

Cal Evans (11.2.2003 16:22):
>I have these in my rules file:
>ACCEPT loc fw tcp 22
>ACCEPT net fw tcp 22
>
>but I cannot ssh in from an outside IP address. What am I doing wrong?

What is your policy for communication between fw and loc or fw and net?

On Tue, 2003-02-11 at 07:22, Cal Evans wrote:
> I have these in my rules file:
> ACCEPT loc fw tcp 22
> ACCEPT net fw tcp 22
>
> but I cannot ssh in from an outside IP address.
>
> What am I doing wrong?

Cal,
The first thing you need to do is read the Support page, and follow the instructions provided. If you still have problems, post again with the diagnostic information it suggests. Thanks.

# Support
http://shorewall.net/support.htm

--
Mike Noyes <mhnoyes @ users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/
http://sitedocs.sf.net/
http://ffl.sf.net/

Cal Evans wrote:
> I have these in my rules file:
> ACCEPT loc fw tcp 22
> ACCEPT net fw tcp 22
>
> but I cannot ssh in from an outside IP address. What am I doing wrong?
>

Nothing wrong with your Shorewall rules. Type "shorewall clear" then try to connect from outside. If you still can't, then your problem has nothing to do with Shorewall. Be sure to "shorewall start" immediately after your test.

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net

Cal Evans wrote:
>I have these in my rules file:
>ACCEPT loc fw tcp 22
>ACCEPT net fw tcp 22
>
>but I cannot ssh in from an outside IP address. What am I doing wrong?
>
>TIA,
>=C
>
>* Cal Evans
>* Stay plugged into your audience.
>* http://www.christianperformer.com
>
>_______________________________________________
>Shorewall-users mailing list
>Shorewall-users@lists.shorewall.net
>http://lists.shorewall.net/mailman/listinfo/shorewall-users
>

I think you can just add

ACCEPT fw loc tcp 22

Bye,
Peter

Great and mighty TimeLord, many thanks for replying. :)

My Policy file contains these lines:

fw net ACCEPT
fw loc ACCEPT
net all DROP info
all all REJECT info

I'm assuming that this is the information you have requested.

TIA,
=C

* Cal Evans
* Stay plugged into your audience.
* http://www.christianperformer.com

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of SHOREWALL TimeLord
Sent: Tuesday, February 11, 2003 9:27 AM
To: shorewall-users@lists.shorewall.net
Subject: Re: [Shorewall-users] SSH rules not working

Cal Evans (11.2.2003 16:22):
>I have these in my rules file:
>ACCEPT loc fw tcp 22
>ACCEPT net fw tcp 22
>
>but I cannot ssh in from an outside IP address. What am I doing wrong?

what is your policy for communication between fw and loc or fw and net ?

You might want to look at your /etc/hosts.allow and see if you allow sshd connection to ALL

sshd: ALL

Regardless, you should follow the problem reporting procedures described on the shorewall.net web site, if you want additional help. Telling us it doesn't work doesn't help much. There could be 1000 of reasons why it doesn't work.

On Tue, 2003-02-11 at 07:22, Cal Evans wrote:
> I have these in my rules file:
> ACCEPT loc fw tcp 22
> ACCEPT net fw tcp 22
>
> but I cannot ssh in from an outside IP address. What am I doing wrong?
>
> TIA,
> =C
>
> * Cal Evans
> * Stay plugged into your audience.
> * http://www.christianperformer.com

Tom,

Thanks for the reply but you cannot solve this problem. See the problem was not Shorewall, the problem is that I'm a Freakin' Loon(tm)

After about an hour of poking around in my Shorewall configs, I decided to double-check my sshd_config. Sure enough:

ListenAddress 192.168.0.1

Sorry to have wasted the bandwidth, thanks to all who responded.

=C

* Cal Evans
* Stay plugged into your audience.
* http://www.christianperformer.com

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Tuesday, February 11, 2003 9:38 AM
To: Cal Evans
Cc: shorewall-users@lists.shorewall.net
Subject: Re: [Shorewall-users] SSH rules not working

Cal Evans wrote:
> I have these in my rules file:
> ACCEPT loc fw tcp 22
> ACCEPT net fw tcp 22
>
> but I cannot ssh in from an outside IP address. What am I doing wrong?
>

Nothing wrong with your Shorewall rules. Type "shorewall clear" then try to connect from outside. If you still can't, then your problem has nothing to do with Shorewall. Be sure to "shorewall start" immediately after your test.

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net

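The cause found in the message above (sshd bound to a single internal address), as an added example that is not part of the original thread: a small check that reads `Port` and `ListenAddress` from an sshd_config and reports whether sshd would receive a connection addressed to a given local IP. The sample config and the external address 203.0.113.10 are constructed; only the `ListenAddress 192.168.0.1` value comes from the thread, and hostnames in `ListenAddress` are skipped because nothing is resolved offline.

```python
import ipaddress

# Constructed sample: only the ListenAddress value comes from the thread.
SAMPLE = """\
# sshd_config (constructed)
Port 22
ListenAddress 192.168.0.1
"""

def parse_listen(config_text):
    """Return (ports, binds); binds is a list of (host, port_or_None)."""
    ports, binds = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()   # "Keyword value" or "Keyword=value"
        if len(parts) < 2:
            continue
        key, arg = parts[0].lower(), parts[1]       # keywords are case-insensitive
        if key == "port":
            ports.append(int(arg))
        elif key == "listenaddress":
            if arg.startswith("["):                 # [host]:port or [host]
                host, _, rest = arg[1:].partition("]")
                port = int(rest[1:]) if rest.startswith(":") else None
            elif arg.count(":") == 1:               # host:port
                host, _, p = arg.partition(":")
                port = int(p)
            else:                                   # bare IPv4, IPv6 or name
                host, port = arg, None
            binds.append((host, port))
    return ports or [22], binds

def sshd_accepts(config_text, dest_ip, dest_port=22):
    """True if sshd binds a socket that receives dest_ip:dest_port."""
    ports, binds = parse_listen(config_text)
    dest = ipaddress.ip_address(dest_ip)
    if not binds:                                   # default: all local addresses
        return dest_port in ports
    for host, port in binds:
        if dest_port not in ([port] if port else ports):
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue                                # hostname: not resolved here
        if addr.is_unspecified and addr.version == dest.version:
            return True                             # 0.0.0.0 or ::
        if addr == dest:
            return True
    return False
```

With the sample config, a connection to the internal address is accepted by sshd while one to the external address is not, whatever the firewall rules say.
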
Cal Evans (11.2.2003 16:38):
>My Policy file contains these lines:
>fw net ACCEPT
>fw loc ACCEPT

>>I have these in my rules file:
>>ACCEPT loc fw tcp 22
>>ACCEPT net fw tcp 22

Well, I think that problem is not in shorewall, because these policy and rules should allow SSH connection from outside to fw.
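
The rules-then-policy lookup this thread relies on, as an added example that is not part of the original posts and is not Shorewall's own code: a simplified model in which a new connection is checked against the rules file first and, if no rule matches, against the first matching policy line. The rule and policy text is copied from the messages above; the model assumes plain zone names and single port numbers only.

```python
# Rules and policy lines as quoted in the thread.
RULES = """\
ACCEPT loc fw tcp 22
ACCEPT net fw tcp 22
"""
POLICY = """\
fw  net ACCEPT
fw  loc ACCEPT
net all DROP   info
all all REJECT info
"""

def fields(text):
    """Yield (line_number, columns) for non-blank, non-comment lines."""
    for n, line in enumerate(text.splitlines(), 1):
        cols = line.split()
        if len(cols) >= 3 and not cols[0].startswith("#"):
            yield n, cols

def decide(rules, policy, src, dst, proto, port):
    """Return (action, origin) for a new connection src -> dst."""
    # 1. Rules are exceptions to policy: the first matching rule wins.
    for n, cols in fields(rules):
        action, r_src, r_dst = cols[:3]
        r_proto = cols[3] if len(cols) > 3 else "all"
        r_port = cols[4] if len(cols) > 4 else "-"
        if (r_src in (src, "all") and r_dst in (dst, "all")
                and r_proto in (proto, "all")
                and r_port in (str(port), "-")):
            return action, f"rules line {n}"
    # 2. Otherwise the first policy whose zones match applies.
    for n, cols in fields(policy):
        p_src, p_dst, action = cols[:3]
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action, f"policy line {n}"
    raise LookupError("no policy matches; a policy file normally ends with 'all all'")

if __name__ == "__main__":
    for conn in [("net", "fw", "tcp", 22), ("net", "fw", "tcp", 23),
                 ("loc", "fw", "tcp", 80), ("fw", "loc", "tcp", 22)]:
        print(conn, "->", decide(RULES, POLICY, *conn))
```
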