I just put Bering 1.0 on the firewall boxes of the three small networks I
manage. I replaced Dachstein CD/floppy setups with Bering/dual floppy drive
setups. The second floppy is needed mainly for libz, sshd, sshkey, and ssh.
I usually know what IP I'm coming in from with ssh; it is usually one of
the three network IPs, but not always.
Shorewall is quite a bit different than Dachstein, in terms of setting up
port forwarding and other things that affect the firewall rules. This is
probably where my problem lies.
Under the previous Dachstein system, on each firewall box, I always "port
forwarded" ssh to an internal server. Some of these servers are running
some old Linux distros, back to Linux-Mandrake 6.0. With all the reports of
vulnerabilities in earlier versions of ssh, I got worried. It is not easy
to upgrade the ssh in Linux-Mandrake 6.0 to a current version. RPM
dependencies, etc.
So I thought it made sense to run sshd on the Bering firewalls, which run a
current version without the vulnerabilities found in earlier versions. I
figured I could ssh into the firewall, then using the ssh on the firewall,
go to whichever box on the remote network that I needed to get to.
It all seems to work pretty much as I expected. And I say THANK YOU to
Charles, Jacques, Eric, Tom, Ray, and the MANY others who have contributed,
for all their efforts. I'm a relative newbie, but it is clear to me that
this (GNU/Linux) is worth learning, unlike the prevalent OS.
Anyway, to my question:
I cannot ssh from one of the firewalls to a remote firewall (Connection
refused). I can, however, ssh from any of the boxes behind a firewall to
the same remote firewall which refused the connection directly from the
local firewall. This condition is symmetrical, that is, if I go to the
remote location and try to ssh back to the "home" box, I get the same
results. So it is clearly a setup or rules problem, since I am running the
same diskettes, all around.
I tried searching the archives through the sourceforge website without
success. I'm not sure whether the search function is working properly.
I'm guessing it's a rules problem. I put this into the Shorewall rules file:

ACCEPT    net:68.8.x.y,68.8.xx.yy,68.8.xxx.yyy    fw    tcp    22
Otherwise, Bering/Shorwall is "stock".
Any suggestions are appreciated.
TIA.
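The rule above only matches connections whose source address is one of the listed hosts; anything else falls through to the zone-pair policy. The following added example (not from the original post or from Shorewall itself) models that first-match-then-policy evaluation for the Shorewall rules format, using constructed placeholder addresses in place of the masked 68.8.x.y ones and an assumed REJECT policy for net->fw.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample rules file: the poster's ACCEPT rule with the masked
# octets replaced by documentation-range placeholder addresses.
RULES_TEXT = """
# ACTION  SOURCE                                      DEST  PROTO  DPORT
ACCEPT    net:198.51.100.10,198.51.100.20,198.51.100.30  fw    tcp    22
"""

# Assumed zone-pair policies (what applies when no rule matches).
POLICY = {("net", "fw"): "REJECT", ("fw", "net"): "ACCEPT", ("loc", "fw"): "ACCEPT"}


@dataclass
class Rule:
    action: str
    src_zone: str
    src_hosts: list  # ip_network objects; empty list means the whole zone
    dst_zone: str
    proto: str
    dport: int


def parse_rules(text):
    """Parse ACTION SOURCE DEST PROTO DPORT lines; SOURCE may be zone or zone:host,host,..."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        action, src, dst, proto, dport = line.split()
        zone, _, hosts = src.partition(":")
        nets = [ipaddress.ip_network(h, strict=False) for h in hosts.split(",") if h]
        rules.append(Rule(action, zone, nets, dst, proto.lower(), int(dport)))
    return rules


def evaluate(rules, policy, src_zone, src_ip, dst_zone, proto, dport):
    """First matching rule wins; otherwise the zone-pair policy decides."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if (r.src_zone, r.dst_zone, r.proto, r.dport) != (src_zone, dst_zone, proto, dport):
            continue
        if r.src_hosts and not any(ip in n for n in r.src_hosts):
            continue  # source zone matches, but the address is not in the list
        return r.action
    return policy[(src_zone, dst_zone)]


RULES = parse_rules(RULES_TEXT)
```

A source address outside the list, such as a peer firewall's own external IP, reaches the fallback policy even when the zone and port match.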
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
