On Fri, Mar 16, 2007 at 12:11:26PM -0800, Joshua J. Kugler wrote:
> On Friday 16 March 2007 10:01, Jon wrote:
> > Ok, after spending the requisite hours swearing and bashing about, I
> > give up.
> >
> > All I am trying to do are some (presumably) simple DNAT rules. I have a
> > fairly typical two NIC setup.
> >
> > I have an admin zone, a net zone, a local zone, and a firewall. I want
> > to do two things:
> >
> > 1. Port forward 443 and 80 (amongst other ports) to a local machine
> > behind the firewall.
> > 2. Redirect and port forward external port 2222 to port 22 on a local
> > machine behind the firewall and leave port 22 accepted into the firewall
> > itself. The port 22 into the firewall is working fine.
> >
> > The Shorewall site and mailing list is absolutely rife with
> > documentation on how to do this, yet I cannot see where I am erring.
> >
> > The syslog shows Shorewall letting traffic in as desired. The problem is
> > that nothing ever comes back out. Let's focus on my SSH rule at the
> > moment. It is:
> >
> > DNAT:info net loc:10.0.50.50:22 tcp 2222
>
> I've run into this before as well, and had all kinds of grief until I figured
> it out. For some reason, the SSH protocol does not like its port changed.
> So, if you have 2222 open on the firewall, then have SSH listen on 2222 (as
> well as 22, if you want) on your machine, and DNAT to 2222.
Not true, at least on my versions of ssh on linux. I routinely dnat ssh from all kinds of ports through to port 22, and it works just fine. You must have been seeing some other problem (or it's specific to a particular ssh or os or something?)

Cheers,
Gavin

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
