On 9/7/2018 11:50 PM, William Papolis wrote:
> Hey fellas, and girls ...
>
> I have been struggling with this for a few days now and I just can't
> seem to figure it out. :-(
>
> I want to be able to SSH from the INTERNET to a SERVER on my LOCAL
> LAN, behind a SHOREWALL firewall.
> I have MASQ working great and all users can access the internet from
> the LOCAL LAN
> I also have PORT FORWARDING working for an HTTP/HTTPS SERVER on our
> LOCAL LAN, through the FIREWALL.
>
> This used to work with TWO CONSUMER ROUTERS, "nested" within each
> other. The only difference now is ... I replaced the "INTERNAL ROUTER"
> with a SHOREWALL FIREWALL. I used the 2NIC configuration help
> guidelines. Technically my "TESTING COMPUTER" in my diagram is part of
> the DMZ, right?
>

There is no good answer here! :)

> My Question ... how can I SSH from the INTERNET to my LOCAL LAN via
> port 22. I will change the port to something else externally later,
> but you can show that too. I am sure both are very similar. Also, I
> can't seem to SSH from the TESTING computer either. Why?
> I try SSH'ing from the testing computer to ... 192.168.2.7 port 22
>
> When I look here ...
>
> Chain PREROUTING (policy ACCEPT 2408 packets, 153K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 DNAT       tcp  --  enp2s8 *       0.0.0.0/0            192.168.2.11         tcp dpt:22 to:10.0.0.42:22
>
> I see "0 packets".
>

If I'm not mistaken, the IP of your ssh server is not in the above
message?

With 'shorewall clear' can you ssh from your test system to your ssh
server (1)? See also (2).

1) http://shorewall.org/troubleshoot.htm#Connections
2) http://shorewall.org/support.htm#First

-Matt
--
Matt Darfeuille
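
As an added illustration (not part of the original thread and not Shorewall code), the sketch below parses the PREROUTING listing quoted above and checks which DNAT rule, if any, a given packet would hit, which is what the "0 packets" counter reflects. The function names are hypothetical, and the arriving interface `enp2s8` and the test client's source address `192.168.2.50` are assumptions made for the test packets.

```python
import ipaddress
import re

# Listing as quoted in the message above.
LISTING = """\
Chain PREROUTING (policy ACCEPT 2408 packets, 153K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  enp2s8 *       0.0.0.0/0            192.168.2.11         tcp dpt:22 to:10.0.0.42:22
"""

def parse_dnat_rules(listing):
    """Return one dict per DNAT row: counter, match fields and rewrite target.
    Handles plain addresses and single ports only (no '!' negation, no ranges)."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or f[2] != "DNAT":
            continue  # chain header, column header or non-DNAT row
        extra = " ".join(f[9:])
        dpt = re.search(r"dpt:(\d+)", extra)
        to = re.search(r"to:(\S+)", extra)
        rules.append({
            "pkts": f[0], "proto": f[3], "in": f[5],
            "src": ipaddress.ip_network(f[7]),
            "dst": ipaddress.ip_network(f[8]),
            "dport": int(dpt.group(1)) if dpt else None,
            "to": to.group(1) if to else None,
        })
    return rules

def matching_rules(rules, in_iface, proto, src, dst, dport):
    """Rules whose interface, protocol, addresses and port all match the packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [r for r in rules
            if r["in"] in ("*", in_iface)
            and r["proto"] in ("all", proto)
            and src in r["src"] and dst in r["dst"]
            and r["dport"] in (None, dport)]

if __name__ == "__main__":
    rules = parse_dnat_rules(LISTING)
    # 192.168.2.50 is a constructed source address for the test client.
    for dst in ("192.168.2.7", "192.168.2.11"):
        hits = matching_rules(rules, "enp2s8", "tcp", "192.168.2.50", dst, 22)
        print(dst, "->", [r["to"] for r in hits] or "no DNAT rule matches")
```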