 
 From:  "Brieseneck, Arne, VF-Group" <Arne dot Brieseneck at vodafone dot com>
 To:  "Thorsten Schmale" <thorsten at vfl3 dot de>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] RE: SSH rule does not work
 Date:  Mon, 10 Sep 2007 16:51:56 +0200
If I have to configure this as any - OK, I've done this - even if it does not sound very secure to me.

The next error shows that it is not working as well:
 
Deny 16:52:19.585047  LAN  192.168.50.190:22  10.5.40.34:3903  TCP



-----Original Message-----
From: Thorsten Schmale [mailto:thorsten at vfl3 dot de] 
Sent: Monday, 10 September 2007 16:44
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] RE: SSH rule does not work

Hi,

You specified port 22 as the source port. The SSH connection will go to port 22 but the source port
is variable.
You have to specify "any" there.

Best,
Thorsten

On 10/09/07 16:37 +0200, Brieseneck, Arne, VF-Group wrote:
> Hi all,
>
> it seems as if my ssh rule for traffic coming from WAN towards a
> server in LAN does not work.
>
> The configuration is very simple. And without the rule deny which
> should allow this traffic and an any-any therefore it is working.
> So routing etc. is fine.
>
> This is the config:
> TCP   10.5.40.34:22  --> 192.168.50.90:22
>
> and the flow back is allowed in the LAN section:
> * LANnet:*  --> *:*
>
> But here is the error:
> denied 1632:45364880   WAN   10.5.40.34:4502  --> 192.168.50.190:22
>
> This sounds strange to me, because SSH only needs port 22 and no
> passive ports like FTP.
>
> Has anyone a hint?
>
> Thanks a lot for your help
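
The source-port point from the reply, checked against the values quoted in this thread, as an added example that is not part of the original messages and is not m0n0wall code: a simplified field-by-field rule matcher run over the WAN deny line. The `Rule` class, the helper names and the third rule (destination taken from the log line) are assumptions for illustration.

```python
# Added example: a simplified rule matcher, not m0n0wall or ipfilter code.
import re
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard, shown as "any" / "*" in a rule


@dataclass(frozen=True)
class Rule:
    src: Optional[str]
    sport: Optional[int]
    dst: Optional[str]
    dport: Optional[int]

    def mismatches(self, pkt):
        """Return the names of the fields that keep this rule from matching pkt."""
        fields = ("src", "sport", "dst", "dport")
        return [f for f in fields
                if getattr(self, f) is not ANY and getattr(self, f) != pkt[f]]


ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")


def parse_deny(line):
    """Extract interface and source/destination endpoints from a deny log line."""
    iface = re.search(r"\b(WAN|LAN)\b", line).group(1)
    (src, sport), (dst, dport) = ENDPOINT.findall(line)[:2]
    return {"iface": iface, "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport)}


# Log line and rule values copied from the thread.
WAN_DENY = "denied 1632:45364880   WAN   10.5.40.34:4502  --> 192.168.50.190:22"
AS_POSTED = Rule("10.5.40.34", 22, "192.168.50.90", 22)
SPORT_ANY = Rule("10.5.40.34", ANY, "192.168.50.90", 22)
# Assumption: destination taken from the log line rather than the posted config.
DST_FROM_LOG = Rule("10.5.40.34", ANY, "192.168.50.190", 22)


def explain(line=WAN_DENY):
    """Map each candidate rule to the fields that stop it matching the logged packet."""
    pkt = parse_deny(line)
    return {name: rule.mismatches(pkt) for name, rule in
            [("as_posted", AS_POSTED), ("sport_any", SPORT_ANY),
             ("dst_from_log", DST_FROM_LOG)]}


if __name__ == "__main__":
    for name, bad in explain().items():
        print(f"{name:13} {'MATCH' if not bad else 'no match: ' + ', '.join(bad)}")
```

With the source port set to any, the rule still pins the source address, destination address and destination port. The posted rule's destination, 192.168.50.90, also differs from the 192.168.50.190 in the log line, which the thread does not address.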
