LinuxQuestions.org
07-20-2010, 09:58 AM   #1
cantab
Member
 
Registered: Oct 2009
Location: England
Distribution: Kubuntu, Ubuntu, Debian, Proxmox.
Posts: 553
Cannot allow internet access to ssh on a high port in firehol on the gateway box


I'm trying to set firehol to allow access from the internet to ssh running on a high port on the router/gateway/firewall box. SSH is listening on the correct port, and other computers on the LAN can ssh in, but not over the internet.

My /etc/firehol/firehol.conf is now IN code tags for easier reading.

Code:
#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be sent through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#

# ssh on a high port
version 5

server_sshhigh_ports="tcp/#####"
client_sshhigh_ports="any"

sahaara_ips="192.168.54.0/24"

transparent_squid 8080 proxy inface eth0


interface eth0 sahaara src "${sahaara_ips}"
    policy reject
    server dns accept
    server dhcp accept
    server http accept
    server samba accept
    server icmp accept
    server sshhigh accept
    server all accept
    
interface eth1 internet src not "${UNROUTABLE_IPS}"
    protection strong 10/sec 10
    client all accept
    server sshhigh accept
    server ident reject with tcp-reset

router sahaara2internet inface eth0 outface eth1
    masquerade
    route all accept

router internet2sahaara inface eth1 outface eth0
    route ident reject with tcp-reset

Last edited by cantab; 07-21-2010 at 03:52 AM.
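
An added example, not part of the original post and not FireHOL's own code: a small Python audit that reads interface blocks laid out like the ones in the config above and lists which `server` services each interface accepts, so the internet-facing rules can be reviewed separately from the LAN ones. The helper names `exposed_services` and `accepted` and the line-based parsing are assumptions; the sample is an abridged copy of the posted config with its redacted port left as posted.

```python
# Constructed sample: interface blocks from the post above, port left redacted.
SAMPLE_CONF = '''\
version 5
server_sshhigh_ports="tcp/#####"

interface eth0 sahaara src "${sahaara_ips}"
    policy reject
    server dns accept
    server sshhigh accept
    server all accept

interface eth1 internet src not "${UNROUTABLE_IPS}"
    protection strong 10/sec 10
    client all accept
    server sshhigh accept
    server ident reject with tcp-reset

router internet2sahaara inface eth1 outface eth0
    route ident reject with tcp-reset
'''

def exposed_services(conf_text):
    """Return {'device name': [(service, action), ...]} per interface block.

    Hypothetical helper: reads one statement per line and does not evaluate
    shell variables or loops, although a real firehol.conf is a bash script.
    """
    result, current = {}, None
    for raw in conf_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "interface":
            current = f"{words[1]} {words[2]}"
            result[current] = []
        elif words[0] == "router":
            current = None  # router blocks carry 'route' rules, not 'server'
        elif words[0] == "server" and current is not None:
            result[current].append((words[1], words[2]))
    return result

def accepted(conf_text, iface):
    """Services the interface accepts; 'all' subsumes every other entry."""
    names = [s for s, act in exposed_services(conf_text)[iface] if act == "accept"]
    return ["all"] if "all" in names else names

if __name__ == "__main__":
    for iface in exposed_services(SAMPLE_CONF):
        print(f"{iface}: accepts {', '.join(accepted(SAMPLE_CONF, iface))}")
```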
 
  


All times are GMT -5. The time now is 03:44 PM.
