Thread: Incoming ssh doesn't quite work
Incoming ssh doesn't quite work
2007-01-23 12:23:26

Good afternoon,
I have a FreeBSD 6.1 box providing authentication services for a local
wireless hotspot. "ext_if" (xl2) connects to the DSL modem,
"wireless_if" (xl1) connects to the wireless router. Outbound http
and https work just fine, but outbound ssh and inbound ssh don't work
at all. Port forwarding on the DSL modem has been enabled, and I can
see the inbound SSH requests on ext_if, sshd is actively listening on
the required port, but the sshd logs say nothing about connection attempts.
Is there something else that needs to be configured in pf.conf for
inbound ssh to function correctly?
---8<---
ext_if="xl2"
ext_addr="172.16.1.33"
wireless_if="xl1"
wireless_net="192.168.100.0/24"
proxy_addr="192.168.100.1"

nat on $ext_if from $wireless_net to any port { 22, 443 } -> $ext_if

rdr on $wireless_if inet proto tcp from any to any port 80 -> $proxy_addr port 3080
rdr on $ext_if proto tcp from any to $ext_if port { 22, 80 } -> ($ext_if)

pass in on $wireless_if inet proto tcp from $wireless_net to any port { 22, 25, 110, 443, 3080 } keep state
pass in on $ext_if inet proto tcp from any to $ext_addr port { 22, 80 } flags S/SA synproxy state

pass out on $wireless_if inet proto tcp from $wireless_net to any port { 22, 25, 110, 443, 3080 } keep state
pass out on $ext_if inet proto tcp from any to any port { 22, 80 } flags S/SA synproxy state
---8<---
Thank you,
--
Isaac Grover, Owner
Quality Computer Services of River Falls, Wisconsin
Affordable I. T. Consulting, Web Design, and Web Hosting.
Commercial and Residential Inquiries Welcomed.
Web: http://www.qcs-rf.com
_______________________________________________
freebsd-pf freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe freebsd.org"
Re: Incoming ssh doesn't quite work
2007-01-24 07:39:06

Let's see your rules:
> ---8<---
> ext_if="xl2"
> ext_addr="172.16.1.33"
> wireless_if="xl1"
> wireless_net="192.168.100.0/24"
> proxy_addr="192.168.100.1"
>
> nat on $ext_if from $wireless_net to any port { 22, 443 } -> $ext_if
>
> rdr on $wireless_if inet proto tcp from any to any port 80 ->
> $proxy_addr port 3080
I didn't understand this rule; maybe it can work without that rule.
> rdr on $ext_if proto tcp from any to $ext_if port { 22, 80 } -> ($ext_if)
>
> pass in on $wireless_if inet proto tcp from $wireless_net to any port
> { 22, 25, 110, 443, 3080 } keep state
> pass in on $ext_if inet proto tcp from any to $ext_addr port { 22, 80
> } flags S/SA synproxy state
>
This rule is wrong!!!
> pass out on $wireless_if inet proto tcp from $wireless_net to any port
> { 22, 25, 110, 443, 3080 } keep state
The right one is:
pass out on $wireless_if inet proto tcp from any to $wireless_net port { 22, 25, 110, 443, 3080 } keep state
> pass out on $ext_if inet proto tcp from any to any port { 22, 80 }
> flags S/SA synproxy state
> ---8<---
Gilberto
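Added example, not from either poster: a default-deny pf.conf for the layout described in the thread (xl2 toward the DSL modem, xl1 toward the wireless router, transparent proxy on 192.168.100.1:3080), written the way I would structure it on a FreeBSD 6.x box. The interface names, the 192.168.100.0/24 hotspot, the proxy address and port, and the client service ports come from the thread. The block-by-default policy, the pflog logging, the macro names, the UDP/53 rule for client name resolution, and the choice to NAT all hotspot traffic rather than only ports 22 and 443 are my assumptions for illustration, and nothing here claims to be the fix for the original poster's ruleset.

```pf
# Added example for the thread's two-interface hotspot box. Names and
# addresses follow the thread; the default-deny policy, logging, DNS rule
# and full NAT are assumptions made for illustration.
ext_if="xl2"
wireless_if="xl1"
wireless_net="192.168.100.0/24"
proxy_addr="192.168.100.1"
client_ports="{ 22, 25, 110, 443 }"

set skip on lo0
scrub in all

# NAT everything leaving the hotspot, not only ports 22 and 443.
# ($ext_if) tracks whatever address the DSL modem hands to xl2.
nat on $ext_if from $wireless_net to any -> ($ext_if)

# Transparent proxy: client web traffic is redirected to the local proxy.
# Translation happens before filtering, so the pass rules below see the
# translated destination ($proxy_addr port 3080), not port 80.
rdr on $wireless_if inet proto tcp from $wireless_net to any port 80 -> $proxy_addr port 3080

# Default deny, logged to pflog0 so that anything the pass rules miss
# can be watched with:  tcpdump -n -e -ttt -i pflog0
block in log all
block out log all

# Inbound ssh arriving from the modem side, SYN-proxied by pf. ($ext_if)
# means "the address xl2 currently has", so no separate ext_addr macro.
pass in on $ext_if inet proto tcp from any to ($ext_if) port 22 flags S/SA synproxy state

# Hotspot clients: the services they may reach directly, the proxy port
# their port-80 traffic was turned into by the rdr rule, and DNS
# (assumed; without it a default-deny ruleset leaves clients unable
# to resolve names).
pass in on $wireless_if inet proto tcp from $wireless_net to any port $client_ports flags S/SA keep state
pass in on $wireless_if inet proto tcp from $wireless_net to $proxy_addr port 3080 flags S/SA keep state
pass in on $wireless_if inet proto udp from $wireless_net to any port 53 keep state

# Traffic leaving toward the modem: forwarded client connections already
# match the states created by the pass in rules above; these rules are
# what lets the box itself (including its own outbound ssh) get out.
pass out on $ext_if inet proto tcp all flags S/SA keep state
pass out on $ext_if inet proto { udp, icmp } all keep state

# Replies to clients ride on existing states; this is only for connections
# the box itself opens toward the wireless side.
pass out on $wireless_if inet proto tcp from ($wireless_if) to $wireless_net flags S/SA keep state
```

Check the syntax with "pfctl -nf /etc/pf.conf" before loading it with "pfctl -f /etc/pf.conf"; afterwards "pfctl -sr" shows the loaded rules, "pfctl -ss" the current states, and a tcpdump on pflog0 shows exactly which packets the two block rules dropped, which is the quickest way to tell a pf problem from a modem port-forwarding problem.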