I indeed used the

How is the DNAT example in http://shorewall.net/PortKnocking.html different 
from mine (albeit I have used Events to construct sshknock)? Wouldn't the first 
rule unconditionally forward port 22 to the private IP?

#ACTION    SOURCE   DEST               PROTO   DEST              SOURCE    ORIGINAL
#                                              PORT(S)           PORT(S)   DEST
DNAT-      net      192.168.1.5        tcp     22                -         206.124.146.178
SSHKnock   net      $FW                tcp     1599,1600,1601
SSHKnock   net      loc:192.168.1.5    tcp     22                -         206.124.146.178

> On 8 Jun 2014, at 00:23, Tom Eastep <[email protected]> wrote:
> 
>> On 6/7/2014 4:04 PM, Eric Koome wrote:
>> Hi all,
>> 
>> I'm trying to implement port knocking for SSH behind NAT using Shorewall 
>> Events based on http://shorewall.net/Events.html, but no joy. The port seems 
>> to be always open. That is, using nmap to knock has no effect.
>> 
>> DNAT     net       $FW:pri.va.te.ip            tcp    22        pu.bl.ic.ip
> 
> The above rule unconditionally forwards TCP 22 to the private IP.
> 
>> Knock    net       $FW                        tcp        1699:1701
>> Knock    net        $FW:pri.va.te.ip        tcp        22
>> 
>> Any ideas? Using 4.5.21.
> 
> I suspect you will have more luck using
> http://shorewall.net/PortKnocking.html. There is a DNAT example there.
> 
> -Tom
> -- 
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
> 
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
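To illustrate the distinction Tom points to, here is an added Python model (not Shorewall's code and not from this thread) of how the two rule sets treat a tcp/22 connection from "net": a plain DNAT rule accepts it outright, while DNAT- plus SSHKnock accepts it only after the 1599,1600,1601 sequence has been seen from that source. The 60-second open window, the sample source addresses and the packet trace are assumptions; the knock-state class stands in for the recent-module/Events state SSHKnock keeps.

```python
# Constructed model, not Shorewall code; ports/IPs from the quoted rules, WINDOW assumed.
KNOCK_PORTS = (1599, 1600, 1601)  # sequence from the SSHKnock rule
WINDOW = 60                       # seconds port 22 stays open after a knock (assumed)
TARGET = "192.168.1.5:22"         # DNAT destination from the rules

class KnockState:
    """Per-source progress through the knock sequence, standing in for the
    recent-module/Events state that the SSHKnock action keeps."""
    def __init__(self):
        self.progress = {}  # src -> index of next expected knock port
        self.opened = {}    # src -> time the full sequence was completed

    def knock(self, src, dport, now):
        idx = self.progress.get(src, 0)
        if dport != KNOCK_PORTS[idx]:
            self.progress[src] = 0  # out-of-order knock resets the sequence
        elif idx + 1 == len(KNOCK_PORTS):
            self.opened[src] = now  # sequence complete: open the door
            self.progress[src] = 0
        else:
            self.progress[src] = idx + 1

    def is_open(self, src, now):
        opened = self.opened.get(src)
        return opened is not None and 0 <= now - opened <= WINDOW

def unconditional_dnat(pkt, state=None, now=0):
    """Eric's first rule: a plain DNAT rule also ACCEPTs the traffic,
    so every tcp/22 connection from 'net' is forwarded, knocked or not."""
    if pkt["proto"] == "tcp" and pkt["dport"] == 22:
        return "ACCEPT -> " + TARGET
    return "DROP"

def knock_gated_dnat(pkt, state, now):
    """PortKnocking.html rules: DNAT- only rewrites the destination and
    leaves ACCEPT to the SSHKnock rules, which consult the knock state."""
    if pkt["proto"] != "tcp":
        return "DROP"
    if pkt["dport"] in KNOCK_PORTS:
        state.knock(pkt["src"], pkt["dport"], now)
        return "DROP"  # knocks are recorded but never answered
    if pkt["dport"] == 22 and state.is_open(pkt["src"], now):
        return "ACCEPT -> " + TARGET
    return "DROP"

def simulate(policy, trace):
    """Run (now, src, dport) events through a policy; return the verdicts."""
    state = KnockState()
    return [policy({"proto": "tcp", "src": s, "dport": d}, state, t) for t, s, d in trace]
```

Running the same trace through both policies shows the plain DNAT rule accepting the very first tcp/22 packet, which is the behaviour Eric observed.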