 From:  "Brieseneck, Arne, VF-Group" <Arne dot Brieseneck at vodafone dot com>
 To:  "Thorsten Schmale" <thorsten at vfl3 dot de>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] RE: SSH rule dows not work
 Date:  Tue, 11 Sep 2007 09:09:06 +0200
That's the default entry. And I was also thinking that it's the same...
But anyhow, I have done some testing and put in a *:* --> *:* with the same result.

-----Original Message-----
From: Thorsten Schmale [mailto:thorsten at vfl3 dot de] 
Sent: Dienstag, 11. September 2007 09:06
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] RE: SSH rule dows not work

Another question:
why have you configured 192.168.50.190 in your rule?
On the LAN-tab you chose LANnet and not 192.168.50.190.

I mean, that shouldn't make any difference. But at least you can try...

On 10/09/07 17:55 +0200, Brieseneck, Arne, VF-Group wrote:
> WAN is a 10.5.40.0/24 network
> LAN is 192.168.50.128/26
> 
> No NATing
> 
> 
> The rules:
> 
> On WAN-tab
> TCP *:* -->192.168.50.190:22
> 
> On LAN-tab
> *  LANnet:*  --> *:*
> 
> -----Original Message-----
> From: Sven Brill [mailto:sven at brillweb dot net]
> Sent: Montag, 10. September 2007 17:43
> To: Brieseneck, Arne, VF-Group
> Cc: Monowall Support List
> Subject: Re: [m0n0wall] RE: SSH rule dows not work
> 
> Brieseneck, Arne, VF-Group wrote:
> > No, it is not checked. 
> > Remember, if I use the *:*  --> *.* rule it works...
> >
> > Anyhow, do you have this running and an example config? 
> >
> >   
> Can you clarify your setup? What networks do you have? Is LAN 
> 10.0.0.0/8 and WAN is everything, including 192.168.0.0/16? Are you 
> doing NAT and have you defined the NAT rule in addition to the FW 
> rule? Can you paste how the rules are currently set up, turn on 
> logging on the default rule, and paste everything that goes on between 
> the two hosts when you try to establish a connection?
> 
> Also, setting the source port to "any" is not less secure; the main 
> thing is that the destination port is 22, and nothing else. You might 
> want to clamp down on the source hosts if you are concerned, but I 
> don't think any SSH client implementation even lets you specify the 
> source port.
> 
> Sven
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 

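The point made in the thread about source ports, as an added Python sketch that is not part of the original messages and is not m0n0wall code: a simplified, stateless model of pass rules with an implicit default deny, applied to the WAN rule and networks quoted above. The pinned-source-port and clamped-source variants, the client address 10.5.40.17, the outside address 203.0.113.9 and the ephemeral port 51514 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard, written "*" in the thread's rule notation

@dataclass(frozen=True)
class Rule:
    proto: Optional[str]
    src: Optional[str]    # host address or CIDR network
    sport: Optional[int]
    dst: Optional[str]
    dport: Optional[int]

def _addr_ok(spec, addr):
    # A bare host address parses as a /32 network, so one check covers both.
    return spec is ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def _eq_ok(spec, value):
    return spec is ANY or spec == value

def matches(rule, pkt):
    proto, src, sport, dst, dport = pkt
    return (_eq_ok(rule.proto, proto) and _addr_ok(rule.src, src)
            and _eq_ok(rule.sport, sport) and _addr_ok(rule.dst, dst)
            and _eq_ok(rule.dport, dport))

def passes(rules, pkt):
    """All rules here are pass rules; a packet no rule matches is denied."""
    return any(matches(r, pkt) for r in rules)

# Rule from the thread: TCP *:* --> 192.168.50.190:22 on the WAN tab.
WAN_RULE = Rule("tcp", ANY, ANY, "192.168.50.190", 22)
# Hypothetical variant that pins the source port to 22 as well.
PINNED_SPORT = Rule("tcp", ANY, 22, "192.168.50.190", 22)
# Hypothetical variant that clamps source hosts to the WAN network instead.
CLAMPED_SRC = Rule("tcp", "10.5.40.0/24", ANY, "192.168.50.190", 22)

# Constructed packets: (proto, src, sport, dst, dport).
SSH_FROM_WAN = ("tcp", "10.5.40.17", 51514, "192.168.50.190", 22)
TELNET_FROM_WAN = ("tcp", "10.5.40.17", 51514, "192.168.50.190", 23)
SSH_FROM_OUTSIDE = ("tcp", "203.0.113.9", 51514, "192.168.50.190", 22)

if __name__ == "__main__":
    for name, rule in [("any sport", WAN_RULE), ("sport 22", PINNED_SPORT),
                       ("src clamped", CLAMPED_SRC)]:
        print(name, [passes([rule], p) for p in
                     (SSH_FROM_WAN, TELNET_FROM_WAN, SSH_FROM_OUTSIDE)])
```

In this model the wildcard source port admits nothing beyond SSH to the one host, pinning the source port blocks an ordinary client that connects from an ephemeral port, and restricting the source network is what actually narrows who can reach port 22.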