Another question: why have you configured 192.168.50.190 in your rule? On the LAN-tab you chose LANnet and not 192.168.50.190. I mean, that shouldn't make any difference. But at least you can try...

On 10/09/07 17:55 +0200, Brieseneck, Arne, VF-Group wrote:
> WAN is a 10.5.40.0/24 network
> LAN is 192.168.50.128/26
>
> No NATing
>
> The rules:
>
> On WAN-tab
> TCP *:* -->192.168.50.190:22
>
> On LAN-tab
> * LANnet:* --> *:*
>
> -----Original Message-----
> From: Sven Brill [mailto:sven at brillweb dot net]
> Sent: Montag, 10. September 2007 17:43
> To: Brieseneck, Arne, VF-Group
> Cc: Monowall Support List
> Subject: Re: [m0n0wall] RE: SSH rule dows not work
>
> Brieseneck, Arne, VF-Group wrote:
> > No, it is not checked.
> > Remember, if I use the *:* --> *.* rule it works...
> >
> > Anyhow, do you have this running and an example config?
> >
>
> Can you clarify your setup? What networks do you have? Is LAN 10.0.0.0/8
> and WAN is everything, including 192.168.0.0/16? Are you doing NAT and
> have you defined the NAT rule in addition to the FW rule? Can you paste
> how the rules are currently set up, turn on logging on the default rule,
> and paste everything that goes on between the two hosts when you try to
> establish a connection?
>
> Also, setting the source port to "any" is not less secure, the main
> thing is that the destination port is 22, and nothing else. You might
> want to clamp down on the source hosts if you are concerned, but I don't
> think any ssh client implementation even lets you specify the source
> port.
>
> Sven

--
Hello, bathrobe wearer!