# forward ssh connections to outside hosts
Michael Agbaglo <[EMAIL PROTECTED]> writes:

> It's ok to leave it on port 22... but when I enabled port 22 it still
> doesn't work. Theoretically port 22 should be used on remote host and
> port>1023 is used at local host. I set up the firewall with no limits to
> outgoing packets, incoming packets are allowed when port > 1023 and ACK
> is set.
>
> I'm sitting *at* the firewall and can telnet to x.x.x.x (stands for hosts
> outside the firewall but not the firewall itself) but I can't ssh to
> x.x.x.x
>
> I'm NOT talking about forwarding from a client through the firewall.
>
> If port 22 is enabled on firewall I can't even telnet on the firewall
> host - what's this?
>
> When I "telnet [remote host] 22" I get an ssh prompt - so something must
> be filtered out on its way back.

I am not sure if I have understood correctly. I still believe that your problem consists in the fact that telnet and ssh work on different ports.

This should enable ssh and telnet from (i.e. sitting *at*) your firewall. (This of course is not the best filtering policy; it should serve only as an example.)

```sh
EIF="external-interface-ip"

### allow outgoing ssh connections
# outbound: local privileged source port (0-1023) to remote port 22
ipfwadm -O -a accept -P tcp -S $EIF 0:1023 -D any/0 22
# inbound replies: -k matches only packets with the ACK bit set
ipfwadm -I -a accept -P tcp -k -S any/0 22 -D $EIF 0:1023

### allow outgoing telnet connections (telnet is TCP port 23)
ipfwadm -O -a accept -P tcp -S $EIF 1024:65535 -D any/0 23
ipfwadm -I -a accept -P tcp -k -S any/0 23 -D $EIF 1024:65535
```

Hope this works,
marco
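Added example, not part of the original thread: a small Python model of a stateless TCP filter (not ipfwadm itself) that reproduces the symptom described in the question and the effect of the ssh rule pair in the reply. It assumes the ssh client binds a privileged source port, as the `0:1023` range in the reply implies; the port numbers 1022 and 40000 and all names in the code are constructed for illustration.

```python
from dataclasses import dataclass

ANY, LOW, HIGH = range(0, 65536), range(0, 1024), range(1024, 65536)
SSH = range(22, 23)

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", as seen from the firewall host
    sport: int
    dport: int
    ack: bool

@dataclass(frozen=True)
class Rule:
    direction: str
    sports: range
    dports: range
    need_ack: bool = False  # models the ipfwadm -k option

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction and p.sport in self.sports
                and p.dport in self.dports and (p.ack or not self.need_ack))

def accepted(rules, p):
    """Default deny: a packet passes only if some accept rule matches."""
    return any(r.matches(p) for r in rules)

# Policy from the question: outgoing unrestricted, incoming only to
# ports > 1023 and only with ACK set.
ORIGINAL = [Rule("out", ANY, ANY), Rule("in", ANY, HIGH, need_ack=True)]
# ssh rule pair from the reply: low local port <-> remote port 22.
SSH_RULES = [Rule("out", LOW, SSH), Rule("in", SSH, LOW, need_ack=True)]

def handshake_completes(rules, local_port, remote_port):
    """Check the outgoing SYN and the returning SYN/ACK against the rules."""
    syn = Packet("out", local_port, remote_port, ack=False)
    syn_ack = Packet("in", remote_port, local_port, ack=True)
    return accepted(rules, syn) and accepted(rules, syn_ack)

if __name__ == "__main__":
    cases = [("telnet host 23, src 40000", ORIGINAL, 40000, 23),
             ("telnet host 22, src 40000", ORIGINAL, 40000, 22),
             ("ssh host,       src 1022 ", ORIGINAL, 1022, 22),
             ("ssh host,       src 1022 + ssh rules", ORIGINAL + SSH_RULES, 1022, 22)]
    for label, rules, lport, rport in cases:
        print(f"{label}: {'ok' if handshake_completes(rules, lport, rport) else 'blocked'}")
```

Under the original policy the returning SYN/ACK for the ssh client is dropped because its destination port is below 1024, while `telnet host 22` from an unprivileged port passes; the `-k` flag on the added input rule still rejects unsolicited SYNs from remote port 22 to the low local ports.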

