Putty and Shorewall.. need help with firewall

Newman_SCO · 07-28-2003, 05:29 PM

Hi there,

I am trying to get putty to work remotely over a lan with my mandrake 9.1 box.

I am using xp. When attempting to connect to linux box. It displays "connection refused"

This is down to the shorewall firewall on the linux box.

I have opened ports on shorewall before.

This time I want to be double sure that the port which is going to be opened will not be open to the net. But only the lan.

I have read info about how to do. (below)
=========================================================================
At this point, edit your /etc/shorewall/policy and make any changes that you wish.

Enabling other Connections
If you wish to enable connections from the internet to your firewall, the general format is:
ACTION SOURCE DESTINATION PROTOCOL PORT SOURCE PORT ORIGINAL ADDRESS
ACCEPT net fw <protocol> <port>
Example - You want to run a Web Server and a POP3 Server on your firewall system:

ACTION SOURCE DESTINATION PROTOCOL PORT SOURCE PORT ORIGINAL ADDRESS
ACCEPT net fw tcp 80
ACCEPT net fw tcp 110

If you don't know what port and protocol a particular application uses, see here.
Important: I don't recommend enabling telnet to/from the internet because it uses clear text (even for login!). If you want shell access to your firewall from the internet, use SSH:

ACTION SOURCE DESTINATION PROTOCOL PORT SOURCE PORT ORIGINAL ADDRESS
ACCEPT net fw tcp 22

At this point, edit /etc/shorewall/rules to add other connections as desired
================================================

What I need to do is.

ACCEPT networkadaptername fw tcp 23

-Is this correct to open the port on my linux box to the network?
-And this will not be accessible via the net?

Thank you very much for reading.

And have a good day

neo77777 · 07-28-2003, 05:41 PM

Well, I believe instead of source you need to put your network address, such as 10.0.0.0 if you configured your LAN for use 10.0.0.0/8 address space, then as the port use 22 not 23, 23 is telnet, unless you configured sshd to accept connections on port 23 and disabled telnet.

Newman_SCO · 07-28-2003, 06:47 PM

Name it as Network address(ip).. ok..righty then.
And I use port 22. I assumed it was 23 because that was the default no. when I downloaded putty. But as you said that is the telnet default.

I want to use ssh as it is said to be more secure.

Thank you very much Neo77777

Newman_SCO · 07-29-2003, 12:07 PM

Failed to work..

I opened port 22 and 23 to local network in shorewall rules file.

I still get refused connections in putty.

Wrote something like this.
ACCEPT loc fw tcp 22,23

I'm baffled.

Anyone got an idea?

Bungholio · 08-04-2003, 11:07 AM

did you try your local ip instead of loc ?

mindnumbed · 08-04-2003, 03:43 PM

try disconnecting your mandrake box from the net and then trying:
# shorewall clear
(someone check if this is right?)

it would be useful just to confirm that it is indeed the firewall and not just sshd that is refusing your connection