From: Mark van Dijk [mailto:[email protected]]
Sent: 28. august 2012 20:18
On Tue, 28 Aug 2012 08:27:31 -0700 Tom Eastep <[email protected]> wrote:
> On 08/28/2012 08:18 AM, "José D. Grieco" wrote:
> > I have a debian server with shorewall 4.5.5.3, my rules file has:
> >
> > SSH(ACCEPT) all all
> >
> > but when I try to connect from src IP 201.87.100.36 to FW via NET
> > interface (IP 177.32.35.176) I receive "ssh_exchange_identification:
> > read: Connection reset by peer" message
> >
> > from LOC interface works
> >
>
> And if you 'shorewall clear' then this works perfectly? (be sure to
> 'shorewall start' after testing).
>
> -Tom

> The message received reminds me of an entry in /etc/hosts.deny. I don't think
> it has anything to do with Shorewall tbh.

Me neither. I'm running shorewall 4.5.5.3 on Debian myself. I don't have the exact same rule but I DNAT to a server behind the firewall like this:

    SSH(DNAT) net loc:192.168.1.2

Works fine but I had a similar problem once. I could log in via ssh just fine but if I left the ssh session idle for too long I would receive connection reset by peer. My session was dead and I had to log back in. I only had this problem from one specific location. After some investigation I found out that the reason for my session to drop out was the firewall at this location. The firewall dropped all outbound ssh sessions that were inactive. I verified this by logging on to my server from that network and at the same time from a different network and left the sessions idle for a while. The connection was dropped but the other ssh session was still alive.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
