I've added the following to /etc/shorewall/rules to try to allow ssh from
my desktop to my laptop. The IP of the desktop is 192.168.0.20.

Version: 2.4.5

##############################################################################
#ACTION  SOURCE            DEST              PROTO  DEST  SOURCE   ORIGINAL  RATE   USER/
#                                                   PORT  PORT(S)  DEST      LIMIT  GROUP
ACCEPT   net:192.168.0.20  fw
ACCEPT   fw                net:192.168.0.20
ACCEPT   net               fw                icmp   8
ACCEPT   fw                net               icmp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

I've no doubt that I'm missing something obvious, as usual, but I have a
corresponding entry on the desktop for the laptop (192.168.03) and I can
ssh in that direction.

Anything else to check?

Anthony

--
Anthony Campbell - ac@acampbell.org.uk
Microsoft-free zone - Using Linux Gnu-Debian
http://www.acampbell.org.uk (blog, book reviews,
on-line books and sceptical articles)

Anthony Campbell wrote:
> I've added the following to /etc/shorewall/rules to try to allow ssh from
> my desktop to my laptop. The IP of the desktop is 192.168.0.20.
>
> Version: 2.4.5
>
> ##############################################################################
> #ACTION  SOURCE            DEST              PROTO  DEST  SOURCE   ORIGINAL  RATE   USER/
> #                                                   PORT  PORT(S)  DEST      LIMIT  GROUP
> ACCEPT   net:192.168.0.20  fw
> ACCEPT   fw                net:192.168.0.20
> ACCEPT   net               fw                icmp   8
> ACCEPT   fw                net               icmp
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> I've no doubt that I'm missing something obvious, as usual, but I have a
> corresponding entry on the desktop for the laptop (192.168.03) and I can
> ssh in that direction.
>
> Anything else to check?

I'd guess you need to add the proto and port (AKA 'tcp ssh') to each of
your rules.

--
Stephen Carville <stephen@totalflood.com>
Unix and Network Admin
Nationwide Totalflood
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602

Anthony Campbell wrote:
> I've added the following to /etc/shorewall/rules to try to allow ssh from
> my desktop to my laptop. The IP of the desktop is 192.168.0.20.
>
> Version: 2.4.5
>
> ##############################################################################
> #ACTION  SOURCE            DEST              PROTO  DEST  SOURCE   ORIGINAL  RATE   USER/
> #                                                   PORT  PORT(S)  DEST      LIMIT  GROUP
> ACCEPT   net:192.168.0.20  fw
> ACCEPT   fw                net:192.168.0.20
> ACCEPT   net               fw                icmp   8
> ACCEPT   fw                net               icmp
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> I've no doubt that I'm missing something obvious, as usual, but I have a
> corresponding entry on the desktop for the laptop (192.168.03) and I can
> ssh in that direction.
>
> Anything else to check?
>
> Anthony
>

Unless your laptop and desktop are on the net interface, this won't work.
Use loc: instead of net:

Plus use the ports column if you want to only allow SSH, as this opens up
the fw to all access from 192.168.0.20.

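Added example, not part of the thread or of Shorewall: a small Python audit of the point made in the two replies above, that an ACCEPT rule with empty PROTO and DEST PORT columns admits all traffic from its source. The `RULES` sample is constructed from the four posted rules plus one narrowed rule using the suggested 'tcp ssh' columns; zone names are kept as posted, and the function names are hypothetical.

```python
# Added example: flag Shorewall ACCEPT rules that name no protocol or port.
# RULES is constructed: the first four rules are the ones posted in this thread,
# the fifth is a narrowed variant using the 'tcp ssh' columns suggested above.
RULES = """\
#ACTION  SOURCE            DEST              PROTO  DEST PORT
ACCEPT   net:192.168.0.20  fw
ACCEPT   fw                net:192.168.0.20
ACCEPT   net               fw                icmp   8
ACCEPT   fw                net               icmp
ACCEPT   net:192.168.0.20  fw                tcp    ssh
"""

COLUMNS = ("action", "source", "dest", "proto", "dport")


def parse_rules(text):
    """Yield (line number, rule dict); '-' or a missing column means 'any'."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        fields = (fields + ["-"] * len(COLUMNS))[:len(COLUMNS)]
        yield lineno, {k: None if v == "-" else v for k, v in zip(COLUMNS, fields)}


def audit(text):
    """Return (line number, source, dest, reason) for over-broad ACCEPT rules."""
    findings = []
    for lineno, rule in parse_rules(text):
        if rule["action"] != "ACCEPT":
            continue
        if rule["proto"] in (None, "all"):
            reason = "no PROTO: every protocol and port is accepted"
        elif rule["proto"] in ("tcp", "udp") and rule["dport"] is None:
            reason = "no DEST PORT: every %s port is accepted" % rule["proto"]
        else:
            continue
        findings.append((lineno, rule["source"], rule["dest"], reason))
    return findings


if __name__ == "__main__":
    for lineno, src, dst, reason in audit(RULES):
        print("line %d: %s -> %s: %s" % (lineno, src, dst, reason))
```
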
On 04 Nov 2005, Stephen Carville wrote:
> Anthony Campbell wrote:
> > I've added the following to /etc/shorewall/rules to try to allow ssh from
> > my desktop to my laptop. The IP of the desktop is 192.168.0.20.
> >
> > Version: 2.4.5
> >
> > ##############################################################################
> > #ACTION  SOURCE            DEST              PROTO  DEST  SOURCE   ORIGINAL  RATE   USER/
> > #                                                   PORT  PORT(S)  DEST      LIMIT  GROUP
> > ACCEPT   net:192.168.0.20  fw
> > ACCEPT   fw                net:192.168.0.20
> > ACCEPT   net               fw                icmp   8
> > ACCEPT   fw                net               icmp
> > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> >
> > I've no doubt that I'm missing something obvious, as usual, but I have a
> > corresponding entry on the desktop for the laptop (192.168.03) and I can
> > ssh in that direction.
> >
> > Anything else to check?
>
> I'd guess you need to add the proto and port (AKA 'tcp ssh') to each of
> your rules.
>

I know I'm being dense here, but could you kindly indicate how the lines
should actually read?

The strange thing is that the problem has arisen after a reinstall
(don't ask why); I don't remember having to do all this previously.

--
Anthony Campbell - ac@acampbell.org.uk
Microsoft-free zone - Using Linux Gnu-Debian
http://www.acampbell.org.uk (blog, book reviews,
on-line books and sceptical articles)

On Friday 04 November 2005 06:50, Anthony Campbell wrote:
>
> The strange thing is that the problem has arisen after a reinstall
> (don't ask why); I don't remember having to do all this previously.

What evidence do you have that Shorewall is the cause of this connection
problem?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On 04 Nov 2005, Tom Eastep wrote:
> On Friday 04 November 2005 06:50, Anthony Campbell wrote:
>
> > The strange thing is that the problem has arisen after a reinstall
> > (don't ask why); I don't remember having to do all this previously.
>
> What evidence do you have that Shorewall is the cause of this connection
> problem?
>
> -Tom

"Shorewall clear" makes it work. However, I have now solved the problem
by changing net:192.168.0.20 to 192.168.0.0/24.

Not very sure why, but it works now!

Anthony

--
Anthony Campbell - ac@acampbell.org.uk
Microsoft-free zone - Using Linux Gnu-Debian
http://www.acampbell.org.uk (blog, book reviews,
on-line books and sceptical articles)

On Friday 04 November 2005 07:15, Anthony Campbell wrote:
> On 04 Nov 2005, Tom Eastep wrote:
> > On Friday 04 November 2005 06:50, Anthony Campbell wrote:
> > > The strange thing is that the problem has arisen after a reinstall
> > > (don't ask why); I don't remember having to do all this previously.
> >
> > What evidence do you have that Shorewall is the cause of this connection
> > problem?
> >
> > -Tom
>
> "Shorewall clear" makes it work. However, I have now solved the problem
> by changing net:192.168.0.20 to 192.168.0.0/24.
>
> Not very sure why, but it works now!

Your log should tell you what traffic was being blocked.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
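
Added example, not part of the thread or of Shorewall: one way to follow the advice above and read the log for blocked traffic, grouping DROP/REJECT entries by chain, source, protocol and destination port. The log lines are constructed in the layout of Shorewall's default log prefix; the chain name, interface, DST address and ports are placeholders, not values from Anthony's system, and the function names are hypothetical.

```python
# Added example: summarise which packets a Shorewall ruleset logged as blocked.
import re
from collections import Counter

# Constructed sample in the kernel log layout Shorewall's default prefix produces
# ("Shorewall:<chain>:<disposition>:"). Chain, interface, DST and ports are made up.
SAMPLE_LOG = """\
Nov  4 07:10:01 laptop kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.168.0.20 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=22 SYN
Nov  4 07:10:04 laptop kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.168.0.20 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=22 SYN
Nov  4 07:10:09 laptop kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.168.0.7 DST=192.0.2.10 LEN=78 TTL=64 PROTO=UDP SPT=137 DPT=137
Nov  4 07:10:12 laptop sshd[811]: Server listening on 0.0.0.0 port 22.
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<rest>.*)")


def parse_line(line):
    """Return a dict for one Shorewall log line, or None for unrelated lines."""
    m = PREFIX.search(line)
    if m is None:
        return None
    # The netfilter part is KEY=VALUE tokens; bare flags such as SYN are skipped.
    fields = dict(tok.split("=", 1) for tok in m.group("rest").split() if "=" in tok)
    return {
        "chain": m.group("chain"),
        "disposition": m.group("disposition"),
        "in": fields.get("IN"), "src": fields.get("SRC"),
        "proto": fields.get("PROTO"), "dpt": fields.get("DPT"),
    }


def blocked_summary(log_text):
    """Count DROP/REJECT entries per (chain, source, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["disposition"] in ("DROP", "REJECT"):
            counts[(rec["chain"], rec["src"], rec["proto"], rec["dpt"])] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (chain, src, proto, dpt), n in blocked_summary(SAMPLE_LOG):
        print("%dx chain=%s src=%s %s dport=%s" % (n, chain, src, proto, dpt))
```

The chain field names the zone pair the packet was classified into, so it shows which SOURCE and DEST zones a matching rule would have to use.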