I thought I replied to this earlier. Anyway, thanks Braden.

Turned out there was nothing wrong on our end. The end point had locked down their firewall ACLs to block all connections except a predefined list of IPs. Over the weekend I changed our firewall and in doing so also changed the WAN IP from .40 to .45. After the end point changed their FW ACL for .45, everything started working again.

Thanks again,

- Don

On Mar 30, 2005 10:40 PM, Braden McGrath <braden at mcmail dot homeip dot net> wrote:
> For testing purposes, have you tried just adding a rule that allows all
> outbound from LAN to WAN? M0n0 will keep state automagically, and you
> should be able to do almost anything from there...
>
> -----Original Message-----
> From: Don Munyak [mailto:don dot munyak at gmail dot com]
> Sent: Wednesday, March 30, 2005 4:40 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Re: Outbound Secure Shell problem
>
> I still can't get this to work. Have been trying all day as well as
> researching the web. The only thing I could find is this rule:
>
> # Allow [out] secure FTP, Telnet, and SCP
> # This function is using SSH (secure shell)
> pass out quick on dc0 proto tcp from any to any port = 22 flags S keep state
>
> Except I can't figure out how to do a "pass out" rule.
>
> I am trying to allow a LAN client to access a specific ssh server on the
> public side of m0n0wall.
>
> On Wed, 30 Mar 2005 10:37:51 -0500, Don Munyak <don dot munyak at gmail dot com> wrote:
> > from http:/m0n0wall-FW/status.php
> >
> > aa.43.155.45 is the m0n0wall WAN IP
> >
> > ipnat -lv
> >
> > MAP 192.168.222.183 2069 <- -> aa.43.155.45 47193 [208.0.115.233 22]
> > age 471 use 0 sumd 0xee3c/0xee3c pr 6 bkt 437/266 flags 1 drop 0/0
> > ifp xl0 bytes 384 pkts 8
> >
> > Hope this helps explain what my issue is.
> >
> > - Don
> >
> > On Wed, 30 Mar 2005 10:06:12 -0500, Don Munyak <don dot munyak at gmail dot com> wrote:
> > > We have been using a commercial version of Secure Shell from ssh.com on a
> > > windows2k workstation for the last two years. Outbound connectivity
> > > and firewalling was originally managed using a cisco 1720 with
> > > reflexive ACLs. I reviewed the old config file but didn't see where
> > > we had any special permit statements.
> > >
> > > I just implemented m0n0wall ver 1.11. Now our LAN client is unable to
> > > connect to the remote ssh server. The application reports that either
> > > the firewall is not set up properly or the server is down.
> > >
> > > We checked with the server admin. Their server is working.
> > >
> > > I could use some help either troubleshooting this or with
> > > establishing a firewall pass rule.
> > >
> > > Thanks,
> > >
> > > - Don
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch