On 6/7/2014 4:04 PM, Eric Koome wrote:
> Hi all,
>
> I'm trying to implement port knocking for SSH behind NAT using Shorewall
> Events based on http://shorewall.net/Events.html, but no joy. The port seems
> to be always open. That is, use of nmap to knock has no effect.
>
> DNAT net $FW:pri.va.te.ip tcp 22
> pu.bl.ic.ip

The above rule unconditionally forwards TCP 22 to the private IP.

> Knock net $FW tcp
> 1699:1701
> Knock net $FW:pri.va.te.ip tcp 22
>
> Any ideas? Using 4.5.21.

I suspect you will have more luck using http://shorewall.net/PortKnocking.html. There is a DNAT example there.

-Tom

-- 
Tom Eastep          \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA       \ all of the passengers in his car
http://shorewall.net   \________________________________________________
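The ordering problem Tom points out (an unconditional DNAT for tcp 22 placed before the Knock rule, so the knock never gates anything) can be caught with a small lint over the rules file. This is an added example, not code from the thread or from the Shorewall project; it assumes the Shorewall 4.x rules column order (ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST) and that `Knock` is the user action from PortKnocking.html. The sample rules are constructed from the poster's lines.

```python
"""Lint a Shorewall rules fragment for Knock rules that are shadowed by an
earlier unconditional rule selecting the same traffic. Shorewall evaluates
rules top to bottom, so a matching DNAT/ACCEPT above a Knock rule means the
port is simply always open, which is the symptom reported in the thread."""

# Column order in the Shorewall 4.x rules file (whitespace separated, '-' = any).
COLUMNS = ("action", "source", "dest", "proto", "dport", "sport", "origdest")

# Actions that terminate evaluation for a matching packet with no knock/event
# condition attached. (Assumption: 'Knock' is the action from PortKnocking.html.)
UNCONDITIONAL = {"ACCEPT", "DNAT", "REDIRECT", "DROP", "REJECT"}


def parse_rules(text):
    """Yield (lineno, rule_dict) for every non-comment, non-directive line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("?"):          # blank or ?SECTION directive
            continue
        fields = line.split()
        rule = dict(zip(COLUMNS, fields + ["-"] * (len(COLUMNS) - len(fields))))
        rule["action"] = rule["action"].split(":", 1)[0]   # drop ':loglevel' suffix
        rule["src_zone"] = rule["source"].split(":", 1)[0]  # 'net:1.2.3.4' -> 'net'
        yield lineno, rule


def _same_traffic(a, b):
    """True if zone, protocol and dport are equal or wildcarded on either side."""
    return all(a[k] == b[k] or "-" in (a[k], b[k]) for k in ("src_zone", "proto", "dport"))


def find_shadowed_knocks(text):
    """Return [(knock_lineno, shadowing_lineno)] for Knock rules that can never fire."""
    rules = list(parse_rules(text))
    findings = []
    for i, (knock_line, knock) in enumerate(rules):
        if knock["action"] != "Knock":
            continue
        for earlier_line, earlier in rules[:i]:
            if earlier["action"] in UNCONDITIONAL and _same_traffic(earlier, knock):
                findings.append((knock_line, earlier_line))
                break
    return findings


# Constructed sample modelled on the poster's rules; not a real configuration.
SAMPLE = """\
?SECTION NEW
#ACTION  SOURCE  DEST              PROTO  DPORT      SPORT  ORIGDEST
DNAT     net     $FW:pri.va.te.ip  tcp    22         -      pu.bl.ic.ip
Knock    net     $FW               tcp    1699:1701
Knock    net     $FW:pri.va.te.ip  tcp    22
"""

if __name__ == "__main__":
    for knock_line, shadow_line in find_shadowed_knocks(SAMPLE):
        print(f"rules:{knock_line}: Knock rule is shadowed by unconditional rule on line {shadow_line}")
```

The knock-port rule (1699:1701) is not flagged because its dport differs from the DNAT rule; only the tcp 22 Knock rule is reported as shadowed.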
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
