WAN is a 10.5.40.0/24 network
LAN is 192.168.50.128/26
TCP *:* --> 192.168.50.190:22
* LANnet:* --> *:*
From: Sven Brill [mailto:sven at brillweb dot net]
Sent: Monday, 10 September 2007 17:43
To: Brieseneck, Arne, VF-Group
Cc: Monowall Support List
Subject: Re: [m0n0wall] RE: SSH rule dows not work
Brieseneck, Arne, VF-Group wrote:
> No, it is not checked.
> Remember, if I use the *:* --> *.* rule it works...
> Anyhow, do you have this running and an example config?
Can you clarify your setup? What networks do you have? Is LAN 10.0.0.0/8
and WAN everything else, including 192.168.0.0/16? Are you doing NAT, and
have you defined the NAT rule in addition to the FW rule? Can you paste
how the rules are currently set up, turn on logging on the default rule,
and paste everything that goes on between the two hosts when you try to
establish a connection?
Also, setting the source port to "any" is not less secure; the main
thing is that the destination port is 22, and nothing else. You might
want to clamp down on the source hosts if you are concerned, but I don't
think any ssh client implementation even lets you specify the source
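The point Sven makes about the source port is easy to check with a small model of first-match rule evaluation. The following Python is an added example, not code from the thread or from m0n0wall; it reuses the networks and the SSH host posted above (192.168.50.190 on the 192.168.50.128/26 LAN, clients on the 10.5.40.0/24 WAN) and assumes a constructed admin client 10.5.40.17 with an ephemeral source port. It models only the filter match (no state tracking, no interface binding, no NAT) and shows why a rule that pins the source port to 22 never passes a real SSH client, while "any source port, destination port 22" does, and how restricting the source host narrows that further.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    """A 'pass' rule in the form m0n0wall lists them: proto src:sport --> dst:dport.
    Networks are CIDR or "*"; ports are a number or "*"."""
    proto: str
    src: str
    sport: str
    dst: str
    dport: str


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def _net_match(spec: str, addr: str) -> bool:
    if spec == "*":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _port_match(spec: str, port: int) -> bool:
    return spec == "*" or int(spec) == port


def matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.proto in ("*", pkt.proto)
        and _net_match(rule.src, pkt.src)
        and _port_match(rule.sport, pkt.sport)
        and _net_match(rule.dst, pkt.dst)
        and _port_match(rule.dport, pkt.dport)
    )


def first_match(rules: List[Rule], pkt: Packet) -> Optional[int]:
    """Index of the first rule that passes the packet; None means the default deny applies."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return i
    return None


# SSH host from the thread; the admin client address is an assumption for this example.
SSH_HOST = "192.168.50.190"
ADMIN_HOST = "10.5.40.17"

# Wrong: pins the *source* port to 22, so a real client never matches it.
RULE_SPORT_22 = Rule("TCP", "*", "22", SSH_HOST, "22")
# The rule as posted in the thread: any source port, destination port 22 only.
RULE_ANY_SPORT = Rule("TCP", "*", "*", SSH_HOST, "22")
# Tighter: the same rule restricted to a single admin host.
RULE_ADMIN_ONLY = Rule("TCP", ADMIN_HOST + "/32", "*", SSH_HOST, "22")

# Constructed sample packets: SSH clients use an ephemeral source port, never 22.
SSH_FROM_ADMIN = Packet("TCP", ADMIN_HOST, 51234, SSH_HOST, 22)
SSH_FROM_OTHER = Packet("TCP", "10.5.40.200", 40001, SSH_HOST, 22)
TELNET_FROM_ADMIN = Packet("TCP", ADMIN_HOST, 51235, SSH_HOST, 23)


def demo() -> dict:
    """Evaluate each rule against the sample packets; True means the packet is passed."""
    return {
        "sport_22_rule_matches_real_client": first_match([RULE_SPORT_22], SSH_FROM_ADMIN) is not None,
        "any_sport_rule_matches_real_client": first_match([RULE_ANY_SPORT], SSH_FROM_ADMIN) is not None,
        "any_sport_rule_passes_port_23": first_match([RULE_ANY_SPORT], TELNET_FROM_ADMIN) is not None,
        "admin_rule_passes_admin": first_match([RULE_ADMIN_ONLY], SSH_FROM_ADMIN) is not None,
        "admin_rule_passes_other": first_match([RULE_ADMIN_ONLY], SSH_FROM_OTHER) is not None,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two caveats the model leaves out: m0n0wall's pass rules are stateful, so the server's replies from port 22 back to the client's ephemeral port ride on the state entry rather than needing a rule of their own; and when the WAN side is NATed, the inbound port forward has to exist as well as the filter rule, which is exactly what Sven asks about above.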