From: Joshua B. <sy...@co...> - 2004-05-03 19:07:24
Serge Wroclawski wrote:

Hi Serge,

> My configuration:
>
> DNAT net loc:192.168.65.201:22 tcp 10201
>
> Other than spacing issues, they look functionally identical to me. Just wondering why this isn't working..

Your above rule..... (which looks perfectly fine), (And assuming that you are in fact starting an SSH connection from someone out on the Internet and not internally)..... I would edit the dnat line to log allowed connections for that specific rule...

    DNAT:info net loc:192.168.65.201:22 tcp 10201

    # shorewall stop
    # shorewall start
    # shorewall logwatch

now... have someone on the internet test your DNAT port-redirection rule.. and watch the output of "shorewall logwatch"

What happens?

Are you sure that tcp port 10201 isn't in use or bound to an existing connection on either end of the connection before the client tries to ssh?

HTH's

JBanks