 From:  thorsten at vfl3 dot de (Thorsten Schmale)
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] RE: SSH rule does not work
 Date:  Mon, 10 Sep 2007 17:07:41 +0200
Hmm, seems like you have some RFC1918 Net on your WAN interface. Is the
"Block private networks" checked under "Interfaces: WAN"?

On 10/09/07 16:51 +0200, Brieseneck, Arne, VF-Group wrote:
> If I have to configure this as any - OK, I've done this - even if it does not sound very secure to me.
> 
> The next error shows that it is not working as well:
>  
> Deny 16:52:19.585047  LAN  192.168.50.190:22  10.5.40.34:3903  TCP
> 
> 
> 
> -----Original Message-----
> From: Thorsten Schmale [mailto:thorsten at vfl3 dot de] 
> Sent: Monday, 10 September 2007 16:44
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] RE: SSH rule does not work
> 
> Hi,
> 
> you specified port 22 as the source port. The ssh-connection will go to port 22 but the source
> port is variable.
> You have to specify "any" there.
> 
> Best,
> Thorsten
> 
> On 10/09/07 16:37 +0200, Brieseneck, Arne, VF-Group wrote:
> > Hi all,
> > 
> > it seems as if my ssh rule for traffic coming from WAN towards a
> > server in LAN does not work.
> > 
> > The configuration is very simple. And without the rule deny which
> > should allow this traffic and an any-any therefore it is working.
> > So routing etc. is fine.
> > 
> > This is the config:
> > TCP   10.5.40.34:22  --> 192.168.50.90:22
> > 
> > and the flow back is allowed in the LAN section:
> > * LANnet:*  --> *:*
> > 
> > But here is the error:
> > denied 1632:45364880   WAN   10.5.40.34:4502  --> 192.168.50.190:22
> > 
> > This sounds strange to me, because SSH only needs port 22 and no
> > passive ports like FTP.
> > 
> > Has anyone a hint?
> > 
> > Thanks a lot for your help
> > 
> 
> --
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

-- 
Hello Hosenlatztrommler!
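To make the source-port point concrete, here is an added Python example (not m0n0wall code, and not part of the thread) that evaluates the logged SYN from Arne's post against the rule as posted, against the same rule with source port "any", and against one that also uses the destination address that actually appears in the log (192.168.50.190 rather than the posted 192.168.50.90); it assumes first-match, default-deny rule evaluation.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    iface: str
    proto: str
    src: str      # CIDR or "any"
    sport: str    # "22", "1024-65535" or "any"
    dst: str
    dport: str
    action: str = "pass"


def _ip_match(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def _port_match(spec, port):
    if spec == "any":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def rule_matches(rule, pkt):
    return (rule.iface == pkt.iface and rule.proto == pkt.proto
            and _ip_match(rule.src, pkt.src) and _port_match(rule.sport, pkt.sport)
            and _ip_match(rule.dst, pkt.dst) and _port_match(rule.dport, pkt.dport))


def decide(rules, pkt, default="deny"):
    """First matching rule wins; no match falls through to the interface default (assumed: deny)."""
    for r in rules:
        if rule_matches(r, pkt):
            return r.action
    return default


# The SYN from the denied log line in the thread: WAN, 10.5.40.34:4502 -> 192.168.50.190:22
SYN = Packet("WAN", "TCP", "10.5.40.34", 4502, "192.168.50.190", 22)
# Rule as posted: source port pinned to 22, so a client's ephemeral port never matches
AS_POSTED = Rule("WAN", "TCP", "10.5.40.34/32", "22", "192.168.50.90/32", "22")
# Thorsten's fix (source port "any") but still with the posted destination .90
ANY_SPORT_DST_90 = Rule("WAN", "TCP", "10.5.40.34/32", "any", "192.168.50.90/32", "22")
# Source port "any" and the destination host that actually appears in the log (.190)
FIXED = Rule("WAN", "TCP", "10.5.40.34/32", "any", "192.168.50.190/32", "22")
```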