[Shorewall-users] ssh port forwarding on firewall how?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

Anyone know how to put up a rule to allow ssh port forwarding from ssh 
daemon on the firewall to local network?

I use VNC to attach to hosts inside the local network. The destination 
port used for VNC is always 5900.

So connection would look like:-

net->fw (ssh) / loc(192.168.0.1) -- > host(192.168.0.2:5900)

I have a rule in my setup for:-

ACCEPT          loc       loc           tcp     5900

My interfaces file has an entry for loc of:-
loc     eth0            detect          routestopped

But on activating the firewall /var/log running up ssh forwarding and 
connecting the logs show a message :-
 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.168.0.1 
DST=192.168.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55679 PROTO=TCP 
SPT=1137 DPT=5900 WINDOW=5840 RES=0x00 SYN URGP=0

The rule above I would have thought would allow this, however I note 
that the direction on the rule log only has an interface for OUT and not 
one for IN. Is this my problem, as loc is allocated to eth0, and 
therefore can not handle an empty interface rule?

Thanks in advance.

Joe Doran.