I'm trying to set firehol to allow access from the internet to ssh running on a high port on the router/gateway/firewall box. SSH is listening on the correct port, and other computers on the LAN can ssh in, but not over the internet.
My /etc/firehol/firehol.conf is now IN code tags for easier reading.
Code:
#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#
# ssh on a high port
version 5

server_sshhigh_ports="tcp/#####"
client_sshhigh_ports="any"

sahaara_ips="192.168.54.0/24"

transparent_squid 8080 proxy inface eth0

interface eth0 sahaara src "${sahaara_ips}"
    policy reject
    server dns accept
    server dhcp accept
    server http accept
    server samba accept
    server icmp accept
    server sshhigh accept
    server all accept

interface eth1 internet src not "${UNROUTABLE_IPS}"
    protection strong 10/sec 10
    client all accept
    server sshhigh accept
    server ident reject with tcp-reset

router sahaara2internet inface eth0 outface eth1
    masquerade
    route all accept

router internet2sahaara inface eth1 outface eth0
    route ident reject with tcp-reset
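When a firehol config looks right but a port is still unreachable, the useful check is the ruleset firehol actually generated (`iptables-save`), following the jumps from INPUT through the per-interface chains. The script below is an added example, not part of the post above; the iptables-save text and chain names in it are constructed for illustration and are not necessarily what firehol emits, and it only evaluates `-i`, `-p`, `--dport` and `-j` (other matches such as `-s` or `-m state` are treated as always matching).

```python
# Walk an iptables-save ruleset from INPUT and report the verdict
# (ACCEPT / DROP / REJECT) for traffic arriving on an interface/port.
# SAMPLE_RULES is constructed sample data, not a real firehol dump.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:in_internet - [0:0]
:in_internet_ssh - [0:0]
:in_sahaara - [0:0]
-A INPUT -i eth1 -j in_internet
-A INPUT -i eth0 -j in_sahaara
-A in_internet -p tcp -m tcp --dport 22222 -j in_internet_ssh
-A in_internet -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A in_internet -j DROP
-A in_internet_ssh -m state --state NEW,ESTABLISHED -j ACCEPT
-A in_sahaara -j ACCEPT
COMMIT
"""

def parse_rules(text):
    """Return ({chain: [rule, ...]}, {chain: policy}) from iptables-save text."""
    rules, policies = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):                      # chain declaration
            name, policy = line[1:].split()[:2]
            policies[name] = policy
        elif line.startswith("-A "):                  # append-rule line
            toks = line.split()
            rule = {"iface": None, "proto": None, "dport": None, "target": None}
            for i, tok in enumerate(toks[2:-1], start=2):
                if tok == "-i": rule["iface"] = toks[i + 1]
                elif tok == "-p": rule["proto"] = toks[i + 1]
                elif tok == "--dport": rule["dport"] = int(toks[i + 1])
                elif tok == "-j": rule["target"] = toks[i + 1]
            rules.setdefault(toks[1], []).append(rule)
    return rules, policies

def verdict(rules, policies, chain, iface, proto, dport, depth=0):
    """First-match walk of one chain; None means 'fell through / RETURN'."""
    if depth > 32:                                    # guard against chain loops
        return None
    for r in rules.get(chain, []):
        if r["iface"] not in (None, iface) or r["proto"] not in (None, proto):
            continue
        if r["dport"] not in (None, dport):
            continue
        t = r["target"]
        if t in ("ACCEPT", "DROP", "REJECT"):
            return t
        if t in rules:                                # jump into a user chain
            v = verdict(rules, policies, t, iface, proto, dport, depth + 1)
            if v is not None:
                return v
    p = policies.get(chain)                           # built-in chain policy
    return p if p in ("ACCEPT", "DROP") else None

def port_verdict(text, iface, proto, dport):
    rules, policies = parse_rules(text)
    return verdict(rules, policies, "INPUT", iface, proto, dport)
```

Run it against real output with `port_verdict(open("rules.txt").read(), "eth1", "tcp", <port>)` after `iptables-save > rules.txt` on the gateway.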