 From:  thorsten at vfl3 dot de (Thorsten Schmale)
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] RE: SSH rule dows not work
 Date:  Tue, 11 Sep 2007 08:47:22 +0200
What other rules have you configured?
Maybe the order of the rules is not correct.

On 10/09/07 17:55 +0200, Brieseneck, Arne, VF-Group wrote:
> WAN is a 10.5.40.0/24 network
> LAN is 192.168.50.128/26
> 
> No NATing
> 
> 
> The rules:
> 
> On WAN-tab
> TCP *:* -->192.168.50.190:22
> 
> On LAN-tab
> *  LANnet:*  --> *:*
> 
> 
> 
>  
> 
> -----Original Message-----
> From: Sven Brill [mailto:sven at brillweb dot net] 
> Sent: Monday, 10 September 2007 17:43
> To: Brieseneck, Arne, VF-Group
> Cc: Monowall Support List
> Subject: Re: [m0n0wall] RE: SSH rule dows not work
> 
> Brieseneck, Arne, VF-Group wrote:
> > No, it is not checked. 
> > Remember, if I use the *:*  --> *.* rule it works...
> >
> > Anyhow, do you have this running and an example config? 
> >
> >   
> Can you clarify your setup? What networks do you have? Is LAN 10.0.0.0/8
> and WAN is everything, including 192.168.0.0/16? Are you doing NAT and
> have you defined the NAT rule in addition to the FW rule? Can you paste
> how the rules are currently set up, turn on logging on the default rule,
> and paste everything that goes on between the two hosts when you try to
> establish a connection?
> 
> Also, setting the source port to "any" is not less secure, the main
> thing is that the destination port is 22, and nothing else. You might
> want to clamp down on the source hosts if you are concerned, but I don't
> think any SSH client implementation even lets you specify the source
> port.
> 
> Sven
> 
> 
> 

-- 
Hallo Weichfrotierer!