 From:  Tim Nelson <tnelson at rockbochs dot com>
 To:  Lee Sharp <leesharp at hal dash pc dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] SSH NAT/PAT woes
 Date:  Tue, 18 Nov 2008 15:40:04 -0600 (CST)
I tend to use DenyHosts quite a bit... similar to fail2ban...

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105

----- "Lee Sharp" <leesharp at hal dash pc dot org> wrote:

> Thomas Sprinzing wrote:
> > Hi there:
> > how do i set up the following scenario:
> > 
> > linux server behind m0n0, ADSL connection w/ dynamic external ip.
> > I have to set up external ssh access:
> > 
> > NAT + PAT incoming from any:any to port 12322 on m0n0 --->
> > 192.168.1.1:22
> > NAT incoming from one fixed address:any ----> 192.168.1.1:22
> > 
> > Is that possible? (last one, yes, but together with first?)
> > 
> > I have trouble with the first one. In testing, i accidentally opened :22
> > to any ip, which i absolutely dislike, because port 22 gets brute-forced
> > from .ru and .cn constantly. Also, i tried to change the
> > _firewall_ rule to pass any:any to WAN:11122, but to no avail.
> 
> I actually leave ssh on port 22.  I also run fail2ban, which is amazing!
> Not the answer you were looking for, but perhaps an answer...
> 
> 			Lee
> 