First of all, what do you mean by redirect port?
Since it is already running on port 22,

just set it this way:

ACCEPT net fw 22

Assuming that the ssh is running on port 22 on the firewall.

If SSH is running on a box in the local zone and it is on masq,

DNAT net loc 22

That should do the trick.

Regards,
Jason

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Anderson do Carmo de Oliveira
Sent: Tuesday, April 13, 2004 12:54 AM
To: Shorewall-users@lists.shorewall.net
Subject: [Shorewall-users] Redirect Ports

Hello,

Sorry

I have a Shorewall gateway, V 1.4.10, running OK. I have an internal host, 192.168.1.x, running the ssh service on port 22. I need to access it from the internet. I thought to redirect the port. How to do that? Do I need to reconfigure the sshd service? What is the best way to do that?

Best Regards,

Anderson do Carmo de Oliveira

_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm

Hello,

Sorry

I have a Shorewall gateway, V 1.4.10, running OK. I have an internal host, 192.168.1.x, running the ssh service on port 22. I need to access it from the internet. I thought to redirect the port. How to do that? Do I need to reconfigure the sshd service? What is the best way to do that?

Best Regards,

Anderson do Carmo de Oliveira

On Mon, 12 Apr 2004 13:53:32 -0300 "Anderson do Carmo de Oliveira" <anderson@institutopaideia.org> wrote:
> I need to access it from the internet.

You don't need to redirect, simply open it up (in rules):

ACCEPT net loc:192.168.1.x tcp 22

-- 
Paul Slinski           -o)
Network Administrator  /\
Global IQX, Inc.      _\_v

Hi there,

I think it should be

DNAT net loc:192.168.1.x tcp 22

Also, while SSH might be secure I always try to limit the amount of systems able to connect to the minimum. So if you should know which IPs might need to connect

DNAT net:w.x.y.z loc:192.168.1.x tcp 22
DNAT net:a.b.c.d.....

might be better.

Regards,
Axel

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Jason Png
Sent: Monday, 12 April 2004 18:53
To: 'Mailing List for Shorewall Users'
Subject: RE: [Shorewall-users] Redirect Ports

First of all, what do you mean by redirect port?
Since it is already running on port 22,

just set it this way:

ACCEPT net fw 22

Assuming that the ssh is running on port 22 on the firewall.

If SSH is running on a box in the local zone and it is on masq,

DNAT net loc 22

That should do the trick.

Regards,
Jason

A note to the original poster -- This is Shorewall FAQ #1!!! Please at least TRY to answer your own question before posting on the list.

Jason Png wrote:
> First of all, what do you mean by redirect port ?
> since it is already running on port 22
>
> Just set it this way
>
> ACCEPT net fw 22
>
> Assuming that the ssh is running on port 22 on the firewall.
>
> If SSH is running on a box in the local zone

Which the original poster said that it was...

> and it is on masq,
>
> DNAT net loc 22
>

That should be:

DNAT net loc:192.168.1.x tcp 22

If the original poster is running Mandrake and let Mandrake set up "Internet Connection Sharing", then this is the rule:

DNAT net masq:192.168.1.x tcp 22

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Paul Slinski wrote:
> On Mon, 12 Apr 2004 13:53:32 -0300
> "Anderson do Carmo de Oliveira" <anderson@institutopaideia.org> wrote:
>
>> I need to access it from the internet.
>
> You don't need to redirect, simply open it up (in rules):
> ACCEPT net loc:192.168.1.x tcp 22
>

Nice to see we're giving this poor fellow lots of conflicting advice... :-)

-Tom

Yep :-)

question is: how do we avoid this. One way would be to let you do all the support alone :-)

Axel

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep
Sent: Monday, 12 April 2004 20:29
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] Redirect Ports

Paul Slinski wrote:
> On Mon, 12 Apr 2004 13:53:32 -0300
> "Anderson do Carmo de Oliveira" <anderson@institutopaideia.org> wrote:
>
>> I need to access it from the internet.
>
> You don't need to redirect, simply open it up (in rules):
> ACCEPT net loc:192.168.1.x tcp 22
>

Nice to see we're giving this poor fellow lots of conflicting advice... :-)

-Tom

Axel@congos-tools.com wrote:
> Yep :-)
>
> question is: how do we avoid this. One way would be to let you do all
> the support alone :-)
>

Bad idea :-)

-Tom

On Monday 12 April 2004 14:51, Axel@congos-tools.com wrote:
> Yep :-)
>
> question is: how do we avoid this. One way would be to let you do all
> the support alone :-)
>
> Axel

Hello,

Well .... I Am Prone To Errors In Typing .. And I Am Prone To Playing "Beat The Tom To The Answer"

I Usually Look At The Question And Say .. What Would Tom Say .. 95% Of The Time It's Faq This ... Or Doc That .. Since The Writer Of The Faq Or Doc Will Always Know It Better Than The Rest Of Us .. Can't Give A Better Answer ..

5 % Is Something Technical .. And Oops .. Tom Knows It Better .. And Amazing Fixes And Enhancements Come To The Code. Tom Does Most Of Those Along With A Few Folks Who Help.

This Issue Will Not Go Away .. Mistakes Are A Form Of Learning :-)

And I Can't Beat The Tom To The Answer. :-)

Francesca
-- 
"No Problems Only Solutions"
Lady Linux Internet Services
Baltimore Maryland 21217

Francesca C. Smith wrote:
>
> This Issue Will Not Go Away .. Mistakes Are A Form Of Learning :-)
>

And I think we should all just accept that and continue to try to help when folks post on the list.

-Tom

On 12 Apr 2004 at 15:08, Francesca C. Smith wrote:
> On Monday 12 April 2004 14:51, Axel@congos-tools.com wrote:
> > Yep :-)
> >
> > question is: how do we avoid this. One way would be to let you do
> > all the support alone :-)
> >
> > Axel
>
> Hello,
>
> Well .... I Am Prone To Errors In Typing .. And I Am Prone To Playing
> "Beat The Tom To The Answer"
>
> I Usually Look At The Question And Say .. What Would Tom Say .. 95% Of
> The Time It's Faq This ... Or Doc That .. Since The Writer Of The Faq
> Or Doc Will Always Know It Better Than The Rest Of Us .. Can't Give A
> Better Answer ..
>
> 5 % Is Something Technical .. And Oops .. Tom Knows It Better .. And
> Amazing Fixes And Enhancements Come To The Code. Tom Does Most Of Those
> Along With A Few Folks Who Help.
>
> This Issue Will Not Go Away .. Mistakes Are A Form Of Learning :-)
>
> And I Can't Beat The Tom To The Answer. :-)

Francesca:
You could probably beat Tom to the answer more often if you didn't take the time to capitalize every word. It would amount to a 20% reduction in keystrokes.

Just kidding, of course...

-- 
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386

._______________________________________
John S. Andersen
NORCOM mailto:JAndersen@norcomsoftware.com
Juneau, Alaska http://www.screenio.com/

On 12 Apr 2004 at 20:34, Anderson do Carmo de Oliveira wrote:
> Hi.
>
> Sorry if I misunderstood you.....
>
> Example....
>
> I would want to receive from external IP, ssh on port 19500 and
> redirect to internal host, ssh on port 22.
>
> Is it possible? How to ?
>
> Best Regards,
>
> Anderson.
>

DNAT net loc:192.168.x.x:22 tcp 19500

-- 
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386

._______________________________________
John S. Andersen
NORCOM mailto:JAndersen@norcomsoftware.com
Juneau, Alaska http://www.screenio.com/

Anderson do Carmo de Oliveira wrote:
> Hi.
>
> Sorry if I misunderstood you.....
>
> Example....
>
> I would want to receive from external IP, ssh on port 19500 and redirect to
> internal host, ssh on port 22.
>
> Is it possible? How to ?
>

That is FAQ 1c (http://shorewall.net/FAQ.htm#faq1c).

-Tom

Hi.

Sorry if I misunderstood you.....

Example....

I would want to receive from external IP, ssh on port 19500 and redirect to internal host, ssh on port 22.

Is it possible? How to ?

Best Regards,

Anderson.

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Monday, April 12, 2004 1:58 PM
Subject: Re: [Shorewall-users] Redirect Ports

> A note to the original poster -- This is Shorewall FAQ #1!!! Please at
> least TRY to answer your own question before posting on the list.
>
> Jason Png wrote:
> > First of all, what do you mean by redirect port ?
> > since it is already running on port 22
> >
> > Just set it this way
> >
> > ACCEPT net fw 22
> >
> > Assuming that the ssh is running on port 22 on the firewall.
> >
> > If SSH is running on a box in the local zone
>
> Which the original poster said that it was...
>
> > and it is on masq,
> >
> > DNAT net loc 22
> >
>
> That should be:
>
> DNAT net loc:192.168.1.x tcp 22
>
> If the original poster is running Mandrake and let Mandrake set up
> "Internet Connection Sharing", then this is the rule:
>
> DNAT net masq:192.168.1.x tcp 22
>
> -Tom

Hi,

Now it is running okay.

Best Regards,

Anderson.

----- Original Message -----
From: "John S. Andersen" <jsa@norcomix.dyndns.org>
To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Monday, April 12, 2004 8:30 PM
Subject: Re: [Shorewall-users] Redirect Ports (2)

> On 12 Apr 2004 at 20:34, Anderson do Carmo de Oliveira wrote:
>
> > Hi.
> >
> > Sorry if I misunderstood you.....
> >
> > Example....
> >
> > I would want to receive from external IP, ssh on port 19500 and
> > redirect to internal host, ssh on port 22.
> >
> > Is it possible? How to ?
> >
> > Best Regards,
> >
> > Anderson.
> >
>
> DNAT net loc:192.168.x.x:22 tcp 19500
>
> --
> ______________________________________
> John Andersen
> NORCOM / Juneau, Alaska
> http://www.screenio.com/
> (907) 790-3386
>
> ._______________________________________
> John S. Andersen
> NORCOM mailto:JAndersen@norcomsoftware.com
> Juneau, Alaska http://www.screenio.com/

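
Added example (not part of the thread and not Shorewall code): a small Python check that reads rules-file lines in the column layout used in the messages above and flags the rule shapes the replies disagreed about. The addresses 192.168.1.5 and 203.0.113.10, the finding names and the function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample: the rule shapes posted in the thread. The addresses
# 192.168.1.5 and 203.0.113.10 are placeholders, not values from the thread.
SAMPLE_RULES = """\
#ACTION SOURCE           DEST               PROTO DEST PORT(S)
ACCEPT  net              loc:192.168.1.5    tcp   22
DNAT    net              loc                22
DNAT    net              loc:192.168.1.5    tcp   22
DNAT    net:203.0.113.10 loc:192.168.1.5    tcp   22
DNAT    net              loc:192.168.1.5:22 tcp   19500
"""

def is_private(addr):
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False

def audit_rules(text, ssh_port="22"):
    """Return [(line_number, finding_name)]; finding names are hypothetical."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()      # drop comments, split columns
        if len(cols) < 3:
            continue
        action, source, dest = cols[:3]
        proto = cols[3] if len(cols) > 3 else None
        dport = cols[4] if len(cols) > 4 else None
        # DEST is zone[:address[:port]]; missing parts become None
        _zone, host, inner_port = (dest.split(":") + [None, None])[:3]
        from_net = source.split(":")[0] == "net"
        if action == "ACCEPT" and from_net and host and is_private(host):
            # a private address is not routable from the internet;
            # a masqueraded host needs DNAT instead
            out.append((no, "accept-to-private"))
        if action == "DNAT":
            if host is None:
                out.append((no, "dnat-no-host"))     # expected zone:address
            if proto not in ("tcp", "udp"):
                out.append((no, "dnat-no-proto"))    # protocol column missing
            elif source == "net" and (inner_port or dport) == ssh_port:
                # SSH forwarded from the whole net zone; net:a.b.c.d narrows it
                out.append((no, "ssh-open-to-all"))
    return out

if __name__ == "__main__":
    for no, name in audit_rules(SAMPLE_RULES):
        print(f"line {no}: {name}")
```

The rule forwarded from a single source address produces no finding; the forward from port 19500 is still flagged because moving the external port does not narrow who can reach sshd.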