From: Joe D. <jo...@pc...> - 2002-08-22 21:39:17
Hi,

Anyone know how to put up a rule to allow ssh port forwarding from ssh daemon on the firewall to local network? I use VNC to attach to hosts inside the local network. The destination port used for VNC is always 5900. So connection would look like:-

    net->fw (ssh) / loc(192.168.0.1) -- > host(192.168.0.2:5900)

I have a rule in my setup for:-

    ACCEPT loc loc tcp 5900

My interfaces file has an entry for loc of:-

    loc eth0 detect routestopped

But on activating the firewall /var/log, running up ssh forwarding and connecting, the logs show a message :-

    kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.168.0.1 DST=192.168.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55679 PROTO=TCP SPT=1137 DPT=5900 WINDOW=5840 RES=0x00 SYN URGP=0

The rule above I would have thought would allow this, however I note that the direction on the rule log only has an interface for OUT and not one for IN. Is this my problem, as loc is allocated to eth0, and therefore can not handle an empty interface rule?

Thanks in advance.

Joe Doran.
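
An added example, not part of the original post: a parser for the log line quoted above that reports which zone pair the rejected packet belongs to, using the empty IN= field the post points out. It assumes the firewall's own zone is named `fw` (Shorewall's default) and that eth0 is `loc` as in the post's interfaces entry; `parse`, `zone_pair` and `candidate_rule` are names chosen here.

```python
import re

# Constructed from the log line quoted in the post above.
SAMPLE = ("kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.168.0.1 "
          "DST=192.168.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55679 PROTO=TCP "
          "SPT=1137 DPT=5900 WINDOW=5840 RES=0x00 SYN URGP=0")

# Assumptions: eth0 is the loc zone (from the post's interfaces entry) and the
# firewall's own zone is named "fw" (Shorewall's default name).
IFACE_ZONE = {"eth0": "loc"}
FW_ZONE = "fw"

def parse(line):
    """Split a Shorewall log line into chain, disposition, fields and flags."""
    m = re.search(r"Shorewall:([^:]+):([^:]+):(.*)", line)
    if not m:
        raise ValueError("not a Shorewall log line")
    chain, disposition, rest = m.groups()
    fields, flags = {}, []
    for token in rest.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value          # "IN=" yields an empty string
        else:
            flags.append(token)          # bare flags such as SYN
    return {"chain": chain, "disposition": disposition,
            "fields": fields, "flags": flags}

def zone_pair(parsed, iface_zone=IFACE_ZONE, fw_zone=FW_ZONE):
    """Map IN/OUT interfaces to (source zone, destination zone).

    An empty IN= means the packet was generated on the firewall host itself;
    an empty OUT= means it was addressed to the firewall host.
    """
    f = parsed["fields"]
    src = iface_zone.get(f["IN"], "unknown") if f.get("IN") else fw_zone
    dst = iface_zone.get(f["OUT"], "unknown") if f.get("OUT") else fw_zone
    return src, dst

def candidate_rule(parsed):
    """Build a rules-file line in the same column order as the rule in the post."""
    src, dst = zone_pair(parsed)
    f = parsed["fields"]
    return f"ACCEPT {src} {dst} {f['PROTO'].lower()} {f['DPT']}"

if __name__ == "__main__":
    p = parse(SAMPLE)
    print(p["chain"], p["disposition"], zone_pair(p))
    print(candidate_rule(p))
```

The candidate line is derived from one logged packet only, so compare it against the intended policy before adding it to the rules file.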