Re: *** IPF Help Req ***
From: Philip Paeps (philip+usenet_at_paeps.cx)
Date: 11/29/03
- In reply to: NoNameHere: "*** IPF Help Req ***"
Date: Sat, 29 Nov 2003 18:23:50 GMT
NoNameHere <recpharm@hotmail.com> wrote:
> I have 5 internal machines, each running SSH on port 22. I would like
> to be able to SSH to every internal box.
>
> Can I make the firewall accept an SSH connection on a high port (1022,
> 1023, 1024, 1025, 1026) and redirect it to port 22 on the appropriate
> internal machine?
Sure.
> Here is my ipf.rule for each machine:
> pass in quick on xl0 proto tcp from any to 192.168.1.10 port = 1022
> flags S keep state keep frags
This will allow connections to port 1022, not to port 22.
> Here is my ipnat.rule for each machine:
> rdr xl0 0.0.0.0/0 port 1022 -> 192.168.1.10 port 1022
This redirects to port 1022, not to port 22.
> The connection on port 1022 isn't working. What command am I missing?
You should redirect to port 22, and allow connections to that port.
Also note that ipf sees the translated ports/addresses, not the
'original' ones.
- Philip
--
Philip Paeps
To spot the expert, pick the one who predicts the job will take the longest and cost the most.
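
The fix described in the reply, as an added example that is not part of the original post: one port map drives both rule sets, so each ipnat rule redirects to port 22 and each ipf rule matches the translated address and port. Interface xl0, 192.168.1.10 and ports 1022-1026 come from the post; the addresses 192.168.1.11-14 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: generate matching ipnat and ipf rules from a single port map.
# External port -> internal host. Only 192.168.1.10 is from the post; the
# other four addresses are assumed for illustration.
PORT_MAP='1022 192.168.1.10
1023 192.168.1.11
1024 192.168.1.12
1025 192.168.1.13
1026 192.168.1.14'

SSH_PORT=22   # sshd listens on 22 on every internal machine

# ipnat rules: rewrite the external high port to port 22 on the internal host.
gen_ipnat() {
    iface=$1
    printf '%s\n' "$PORT_MAP" | while read -r ext host; do
        [ -n "$ext" ] || continue
        printf 'rdr %s 0.0.0.0/0 port %s -> %s port %s tcp\n' \
            "$iface" "$ext" "$host" "$SSH_PORT"
    done
}

# ipf rules: the filter sees the packet after translation, so the rule names
# the internal host and port 22, never the external high port.
gen_ipf() {
    iface=$1
    printf '%s\n' "$PORT_MAP" | while read -r ext host; do
        [ -n "$ext" ] || continue
        printf 'pass in quick on %s proto tcp from any to %s port = %s flags S keep state keep frags\n' \
            "$iface" "$host" "$SSH_PORT"
    done
}
```

Review the output of `gen_ipnat xl0` and `gen_ipf xl0` before loading it with `ipnat -f` and `ipf -f`.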