Discussion:
SSH through m0n0wall?
Michael Graves
2004-08-22 21:02:25 UTC
Hello All,

Ever since I installed the v1.1 beta some weeks ago I have not been
able to SSH back through my m0n0wall to my Asterisk server. The rule
that I have set up is the same as worked with v1.0, that is:

Proto = TCP
source = *
port= 22 (SSH)
destination = 192.168.1.30
port = 22 (SSH)

When I'm on the inside of the LAN I connect to the server no problem.
When outside my SSH client fails to connect. I have a single fixed IP
from my ISP. My server has a fixed, NAT'd IP. Any ideas how I get
around this?

Michael

P.S. - I just installed v1.1
--
Michael Graves ***@pixelpower.com
Sr. Product Specialist www.pixelpower.com
Pixel Power Inc. ***@mstvp.com

o713-861-4005
o800-905-6412
c713-201-1262

"We all have wings, but some of us don't know why." - INXS

Kai Dittmann
2004-08-22 22:35:30 UTC
Post by Michael Graves
Hello All,
Ever since I installed the v1.1 beta some weeks ago I have not been
able to SSH back through my m0n0wall to my Asterisk server. The rule
Proto = TCP
source = *
port= 22 (SSH)
port = any or 1024:65534

ssh uses TCP high ports to connect, and
not port 22 as src.
Post by Michael Graves
destination = 192.168.1.30
port = 22 (SSH)
cheers,
-k.
Frederick Page
2004-08-22 23:42:31 UTC
Hallo Michael,
Post by Michael Graves
Proto = TCP
source = *
port= 22 (SSH)
destination = 192.168.1.30
port = 22 (SSH)
You do realize that you need two rules? One on the firewall, allowing
Port 22 and one in the NAT section. You can also do the rule in the
NAT section and check the flag "create firewall rule automatically".

I have exactly this scenario on 1.1 and it works fine.

Kind regards

Frederick
Fred Wright
2004-08-24 03:57:49 UTC
Post by Kai Dittmann
Post by Michael Graves
Ever since I installed the v1.1 beta some weeks ago I have not been
able to SSH back through my m0n0wall to my Asterisk server. The rule
Proto = TCP
source = *
port= 22 (SSH)
port = any or 1024:65534
ssh uses TCP high ports to connect, and
not port 22 as src.
Or sometimes it uses low-numbered ports if it thinks RHosts might be an
option. It's best to just wildcard it.

Note that this is for the *firewall*, NAT rules don't have source
ports. Most commonly you want 22 in both places for NAT (i.e. map
firewall port 22 to server port 22).
Post by Kai Dittmann
Post by Michael Graves
Proto = TCP
source = *
port= 22 (SSH)
destination = 192.168.1.30
port = 22 (SSH)
You do realize that you need two rules? One on the firewall, allowing
Port 22 and one in the NAT section. You can also do the rule in the
NAT section and check the flag "create firewall rule automatically".
Yes, but beware that this happens at NAT rule creation time. If you
change the port in the NAT entry, it doesn't update the firewall.

Also, if you create the firewall rule manually, beware that the firewall
is applied *after* NAT remapping, so it should refer to the *internal*
destination IP.
Post by Kai Dittmann
I have exactly this scenario on 1.1 and it works fine.
Same here.

Fred Wright
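
A small model of the evaluation order described in this thread (inbound NAT remap first, then the firewall rule), added here as an illustration and not m0n0wall's own code. The WAN address, the client address and all class and function names are constructed for the example; only 192.168.1.30 and port 22 come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

WAN_IP = "203.0.113.10"  # constructed WAN address (documentation range)

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class NatRule:  # inbound port forward; note there is no source-port field
    ext_port: int
    target_ip: str
    target_port: int

@dataclass(frozen=True)
class FwRule:  # src_port None models the "*" / "any" wildcard
    src_port: Optional[int]
    dst_ip: str
    dst_port: int

def apply_nat(pkt, nat_rules):
    """Rewrite the destination if an inbound NAT rule matches."""
    for r in nat_rules:
        if pkt.dst_ip == WAN_IP and pkt.dst_port == r.ext_port:
            return Packet(pkt.src_ip, pkt.src_port, r.target_ip, r.target_port)
    return pkt

def allowed(pkt, nat_rules, fw_rules):
    """NAT runs first, so the filter sees the internal destination."""
    pkt = apply_nat(pkt, nat_rules)
    for r in fw_rules:
        if (r.src_port in (None, pkt.src_port)
                and r.dst_ip == pkt.dst_ip and r.dst_port == pkt.dst_port):
            return True
    return False  # default deny on the WAN interface

NAT = [NatRule(22, "192.168.1.30", 22)]
# Constructed client packet: SSH clients connect from an ephemeral source port.
SSH_IN = Packet("198.51.100.7", 50122, WAN_IP, 22)

SRC_PORT_22 = [FwRule(22, "192.168.1.30", 22)]   # rule as first posted
WAN_AS_DST = [FwRule(None, WAN_IP, 22)]          # refers to the external IP
FIXED = [FwRule(None, "192.168.1.30", 22)]       # wildcard source port, internal IP

if __name__ == "__main__":
    for name, rules in [("src port 22", SRC_PORT_22),
                        ("WAN IP as dst", WAN_AS_DST), ("fixed", FIXED)]:
        print(name, "->", "pass" if allowed(SSH_IN, NAT, rules) else "block")
```
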
