Re: [SLUG] DMZ Setup is killing me!!

From: Mike Branda (mike@wackyworld.tv)
Date: Sat Jul 03 2004 - 20:23:25 EDT


Matt

After a lot of pain, it works!!

I was just trying a simple ping and then ssh from an offsite machine.
After digging through the firewall debug logs.....what was holding it up
was that from the offsite machine the outbound port was 7100 or so to
inbound 22 on ssh. Well, outbound tcp,22 was enabled in FW_MASQ_NETS
for the DMZ but not ranges in the 7100 area. It couldn't reply to the
ssh because the firewall was dropping it. Once I opened up the outbound
reply ports, it worked. I didn't realize that ssh worked on high
outbound directed at port 22. Looks like more reading ahead. A guy on
the suse-security list pointed me in the right direction and from there
it was just tedious scouring of the logs.

Thanks!

Mike

On Fri, 2004-07-02 at 10:10, Matt Miller wrote:
> On Thu, 2004-07-01 at 23:12, Mike Branda wrote:
> <snip>
> > Any help would be appreciated. I'm feeling beat up by what should be so
> > simple... :^(
>
> perhaps a look at the underlying rules would help?
> Could you send the output of the following commands?
>
> $ iptables -L
> $ iptables -t nat -L
>
> Matt
> -----------------------------------------------------------------------
> This list is provided as an unmoderated internet service by Networked
> Knowledge Systems (NKS). Views and opinions expressed in messages
> posted are those of the author and do not necessarily reflect the
> official policy or position of NKS or any of its employees.




This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:07:18 EDT
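
The log search described in the message above, as an added example that is not part of the original thread: it scans firewall drop logs for TCP packets that look like a server's reply (ACK set, source port a service port, destination port a client's high port) and counts them per host and port. The log lines are constructed in the netfilter LOG target's key=value layout; the "FW-DROP" prefix, addresses, interface names and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample: lines in the netfilter LOG target's key=value layout.
# The "FW-DROP" prefix, host names, interfaces and addresses are invented.
SAMPLE_LOG = """\
Jul  3 19:58:01 fw kernel: FW-DROP IN=eth2 OUT=eth0 SRC=192.168.2.10 DST=203.0.113.7 LEN=60 TTL=63 PROTO=TCP SPT=22 DPT=7100 WINDOW=5792 ACK SYN URGP=0
Jul  3 19:58:04 fw kernel: FW-DROP IN=eth2 OUT=eth0 SRC=192.168.2.10 DST=203.0.113.7 LEN=60 TTL=63 PROTO=TCP SPT=22 DPT=7100 WINDOW=5792 ACK SYN URGP=0
Jul  3 19:59:12 fw kernel: FW-DROP IN=eth2 OUT=eth0 SRC=192.168.2.10 DST=198.51.100.5 LEN=60 TTL=63 PROTO=TCP SPT=34512 DPT=25 WINDOW=5840 SYN URGP=0
Jul  3 20:01:40 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.1 LEN=48 TTL=112 PROTO=TCP SPT=4021 DPT=23 WINDOW=16384 SYN URGP=0
Jul  3 20:02:05 fw kernel: FW-DROP IN=eth2 OUT=eth0 SRC=192.168.2.10 DST=198.51.100.53 LEN=71 TTL=63 PROTO=UDP SPT=1027 DPT=53 LEN=51
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse(line):
    """Split one LOG line into its key=value fields and its TCP flag set."""
    fields = dict(FIELD.findall(line))
    fields["FLAGS"] = TCP_FLAGS.intersection(line.split())
    return fields


def dropped_replies(log_text, privileged_max=1023):
    """Count dropped TCP packets that look like a server's reply.

    A reply carries ACK, comes from a service port (<= privileged_max) and
    goes to the client's high port (> privileged_max). A new connection
    attempt is a bare SYN and is deliberately not counted.
    """
    hits = Counter()
    for line in log_text.splitlines():
        f = parse(line)
        if f.get("PROTO") != "TCP" or "ACK" not in f["FLAGS"]:
            continue
        try:
            src, spt, dpt = f["SRC"], int(f["SPT"]), int(f["DPT"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        if spt <= privileged_max < dpt:
            hits[(src, spt)] += 1
    return hits


if __name__ == "__main__":
    for (src, port), n in dropped_replies(SAMPLE_LOG).items():
        print(f"{n} dropped replies from {src} port {port}")
```

Hits here mean the ruleset is deciding on port numbers alone; iptables' state match (`-m state --state ESTABLISHED,RELATED`) accepts replies to connections already allowed in, without opening a range of destination ports.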