 From:  "Brieseneck, Arne, VF-Group" <Arne dot Brieseneck at vodafone dot com>
 To:  "Sven Brill" <sven at brillweb dot net>
 Cc:  "Monowall Support List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] RE: SSH rule does not work
 Date:  Mon, 10 Sep 2007 17:55:22 +0200
WAN is a 10.5.40.0/24 network
LAN is 192.168.50.128/26

No NATing


The rules:

On WAN-tab
TCP *:* -->192.168.50.190:22

On LAN-tab
*  LANnet:*  --> *:*



 

-----Original Message-----
From: Sven Brill [mailto:sven at brillweb dot net] 
Sent: Monday, 10 September 2007 17:43
To: Brieseneck, Arne, VF-Group
Cc: Monowall Support List
Subject: Re: [m0n0wall] RE: SSH rule does not work

Brieseneck, Arne, VF-Group wrote:
> No, it is not checked. 
> Remember, if I use the *:*  --> *.* rule it works...
>
> Anyhow, do you have this running and an example config? 
>
>   
Can you clarify your setup? What networks do you have? Is LAN 10.0.0.0/8
and WAN everything else, including 192.168.0.0/16? Are you doing NAT, and
have you defined the NAT rule in addition to the FW rule? Can you paste
how the rules are currently set up, turn on logging on the default rule,
and paste everything that goes on between the two hosts when you try to
establish a connection?

Also, setting the source port to "any" is not less secure; the main
thing is that the destination port is 22, and nothing else. You might
want to clamp down on the source hosts if you are concerned, but I don't
think any ssh client implementation even lets you specify the source
port.

Sven
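The points made in this thread (Arne's WAN rule `TCP *:* --> 192.168.50.190:22`, and Sven's remark that the source port must stay "any" while the source hosts are what you would restrict) can be checked with a small first-match rule evaluator. The code below is an added example written for this page; it is not part of the thread and not m0n0wall's own code. It models only stateless first-match semantics with an implicit, logged default block, ignoring m0n0wall's state tracking and any NAT. The admin subnet `10.5.40.0/28`, the client addresses and the ephemeral source ports are constructed for the demonstration; the two networks and the rules themselves are the ones posted above.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str                # "tcp", "udp" or "*" (any protocol)
    src: str                  # CIDR or "*" (any source host)
    src_port: Optional[int]   # None means any source port
    dst: str                  # CIDR or "*"
    dst_port: Optional[int]   # None means any destination port
    action: str               # "pass" or "block"


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _net_match(pattern: str, addr: str) -> bool:
    return pattern == "*" or ip_address(addr) in ip_network(pattern, strict=False)


def _port_match(pattern: Optional[int], port: int) -> bool:
    return pattern is None or pattern == port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("*", pkt.proto)
            and _net_match(rule.src, pkt.src_ip)
            and _port_match(rule.src_port, pkt.src_port)
            and _net_match(rule.dst, pkt.dst_ip)
            and _port_match(rule.dst_port, pkt.dst_port))


def evaluate(rules: List[Rule], pkt: Packet, log: List[str]) -> Tuple[str, str]:
    """First matching rule wins; anything unmatched hits the default block.
    Default-block hits are appended to `log`, which is the logging Sven
    asks for on the default rule."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.name
    log.append(f"default block: {pkt.proto} {pkt.src_ip}:{pkt.src_port} "
               f"-> {pkt.dst_ip}:{pkt.dst_port}")
    return "block", "default"


# Arne's WAN rule as posted: TCP *:* --> 192.168.50.190:22
WAN_AS_POSTED = [Rule("ssh-in", "tcp", "*", None, "192.168.50.190/32", 22, "pass")]

# The misconception Sven addresses: also pinning the *source* port to 22.
WAN_SRC_PORT_PINNED = [Rule("ssh-in-pinned", "tcp", "*", 22, "192.168.50.190/32", 22, "pass")]

# Sven's suggestion: keep source port "any" but restrict the source hosts.
ADMIN_NET = "10.5.40.0/28"   # constructed admin subnet, not from the thread
WAN_SRC_RESTRICTED = [Rule("ssh-in-admins", "tcp", ADMIN_NET, None, "192.168.50.190/32", 22, "pass")]

# Constructed sample traffic: SSH clients always use an ephemeral source port.
SSH_FROM_ADMIN = Packet("tcp", "10.5.40.7", 51234, "192.168.50.190", 22)
SSH_FROM_ELSEWHERE = Packet("tcp", "10.5.40.200", 60001, "192.168.50.190", 22)
TELNET_ATTEMPT = Packet("tcp", "10.5.40.7", 51235, "192.168.50.190", 23)


def demo() -> Dict[str, Tuple[str, str]]:
    """Run each sample packet through each ruleset and return the verdicts."""
    log: List[str] = []
    results = {
        # As posted: SSH passes, anything to another port hits the default block.
        "as_posted/ssh_from_admin": evaluate(WAN_AS_POSTED, SSH_FROM_ADMIN, log),
        "as_posted/telnet_attempt": evaluate(WAN_AS_POSTED, TELNET_ATTEMPT, log),
        # Pinned source port: a real client with an ephemeral port is blocked.
        "pinned/ssh_from_admin": evaluate(WAN_SRC_PORT_PINNED, SSH_FROM_ADMIN, log),
        # Source-host restriction: admins pass, other WAN hosts are blocked.
        "restricted/ssh_from_admin": evaluate(WAN_SRC_RESTRICTED, SSH_FROM_ADMIN, log),
        "restricted/ssh_from_elsewhere": evaluate(WAN_SRC_RESTRICTED, SSH_FROM_ELSEWHERE, log),
    }
    results["default_block_log_entries"] = ("count", str(len(log)))
    return results


if __name__ == "__main__":
    for key, verdict in demo().items():
        print(f"{key:32s} {verdict}")
```

The pinned-source-port case is the instructive one: because the client picks its source port from the ephemeral range, a rule that requires source port 22 never matches legitimate SSH traffic and the connection falls through to the default block. Restricting the source network, as in `WAN_SRC_RESTRICTED`, narrows exposure without that problem, and the default-rule log shows exactly which packets were dropped when a rule does not behave as expected.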