Maple Thorpe
2011-Dec-14 11:33 UTC
Port forwarding ssh from Shorewall GW FW to Server w/FW
Greetings,

I am attempting to configure a remote connection to an internal Server with a fw behind a gw shorewall fw using multiple ip-addresses. The gw shorewall uses the three-interface configuration. Excerpts are as follows ...

GW:
(net=eth0)
rule: SSH(ACCEPT):info net:ip.add.re.ss dmz:10.10.11.4
nat: 1x.xxx.x.104 eth0 10.10.11.4 No No

Server:
(dmz=eth2)
rule: ACCEPT dmz:ip.add.re.ss $FW tcp 22 - 1x.xxx.xx.104
masq: eth2 10.10.11.4 12.xxx.xx.104 tcp 22

On Server, "tcpdump -i eth2 src ip.add.re.ss and dst 10.10.11.4 and port 22" shows traffic arriving from remote ip.add.re.ss but the connection times out.

I would greatly appreciate a nudge in the right direction. Also, should I remove SSHKnock on GW Shorewall until I get this to work?

Thanks in advance.
Tom Eastep
2011-Dec-14 20:58 UTC
Re: Port forwarding ssh from Shorewall GW FW to Server w/FW
On Wed, 2011-12-14 at 05:33 -0600, Maple Thorpe wrote:

> Greetings,
>
> I am attempting to configure a remote connection to an internal Server
> with a fw behind a gw shorewall fw using multiple ip-addresses. The gw
> shorewall uses the three-interface configuration. Excerpts are as
> follows ...
>
> GW:
> (net=eth0)
> rule: SSH(ACCEPT):info net:ip.add.re.ss dmz:10.10.11.4
> nat: 1x.xxx.x.104 eth0 10.10.11.4 No No
>
> Server:
> (dmz=eth2)
> rule: ACCEPT dmz:ip.add.re.ss $FW tcp 22 - 1x.xxx.xx.104
> masq: eth2 10.10.11.4 12.xxx.xx.104 tcp 22
>
> On Server, "tcpdump -i eth2 src ip.add.re.ss and dst 10.10.11.4 and port
> 22" shows traffic arriving from remote ip.add.re.ss but the connection
> times out.

Get rid of the entry in the ORIGINAL DEST column on the Server.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA      \ all of the passengers in his car
http://shorewall.net \________________________________________________
Maple Thorpe
2011-Dec-15 21:24 UTC
Re: (SOLVED) Port forwarding ssh from Shorewall GW FW to Server w/FW
On Wed, 2011-12-14 at 05:33 -0600, Maple Thorpe wrote:

> Greetings,
>
> I am attempting to configure a remote connection to an internal Server
> with a fw behind a gw shorewall fw using multiple ip-addresses. The gw
> shorewall uses the three-interface configuration. Excerpts are as
> follows ...
>
> GW:
> (net=eth0)
> rule: SSH(ACCEPT):info net:ip.add.re.ss dmz:10.10.11.4
> nat: 1x.xxx.x.104 eth0 10.10.11.4 No No
>
> Server:
> (dmz=eth2)
> rule: ACCEPT dmz:ip.add.re.ss $FW tcp 22 - 1x.xxx.xx.104
> masq: eth2 10.10.11.4 12.xxx.xx.104 tcp 22
>
> On Server, "tcpdump -i eth2 src ip.add.re.ss and dst 10.10.11.4 and port
> 22" shows traffic arriving from remote ip.add.re.ss but the connection
> times out.
>
> I would greatly appreciate a nudge in the right direction. Also, should I
> remove SSHKnock on GW Shorewall until I get this to work?
>
> Thanks in advance.

Operator error.

Solution: (FAQ 1f) Why must the server that I port forward to have it's default gateway set to my Shorewall system's IP address?

Thanks Tom.
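Added example, not part of the thread and not Shorewall's own code: a check for the condition named in the last message (FAQ 1f), run on the forwarded-to server, that the route back to a remote client uses the Shorewall system as its next hop. The function names and all addresses (including 10.10.11.1 as the gateway's DMZ address) are assumptions; the sample `ip route get` output is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): on the server that SSH is forwarded to,
# confirm that replies to a remote client leave through the Shorewall gateway.
# All addresses are constructed placeholders: 203.0.113.7 = remote client,
# 10.10.11.1 = assumed DMZ address of the gateway, 192.168.1.254 = other router.

# Constructed `ip route get 203.0.113.7` output, correct and incorrect cases.
SAMPLE_GOOD='203.0.113.7 via 10.10.11.1 dev eth2 src 10.10.11.4 uid 0'
SAMPLE_BAD='203.0.113.7 via 192.168.1.254 dev eth0 src 192.168.1.4 uid 0'

# field_after KEYWORD ROUTE_TEXT: print the token following KEYWORD on line 1.
field_after() {
    printf '%s\n' "$2" | awk -v key="$1" 'NR == 1 {
        for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit }
    }'
}

# next_hop ROUTE_TEXT: the "via" address, or "direct" for an on-link route.
next_hop() {
    hop=$(field_after via "$1")
    echo "${hop:-direct}"
}

# reply_path_ok ROUTE_TEXT GATEWAY_IP IFACE
# Succeeds only when the reply would go via GATEWAY_IP out of IFACE.
reply_path_ok() {
    hop=$(next_hop "$1")
    dev=$(field_after dev "$1")
    if [ "$hop" = "$2" ] && [ "$dev" = "$3" ]; then
        echo "OK: replies leave via $hop on $dev"
        return 0
    fi
    echo "MISMATCH: replies leave via $hop on ${dev:-?}, expected $2 on $3"
    return 1
}

if [ "$#" -eq 3 ]; then
    # Live check: ./check-reply-path.sh <client-ip> <gateway-ip> <iface>
    reply_path_ok "$(ip route get "$1")" "$2" "$3"
else
    # Offline demonstration on the constructed samples above.
    reply_path_ok "$SAMPLE_GOOD" 10.10.11.1 eth2
    reply_path_ok "$SAMPLE_BAD" 10.10.11.1 eth2 || true
fi
```

A MISMATCH result is consistent with the symptom in the first message: tcpdump on the server shows the inbound SYN, but the reply takes a path that bypasses the gateway.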