-
December 15th, 2003, 07:26 PM
#11
Your setup is probably the confusing part here.
It appears you have INTERNET->FIREWALL->NAT DEVICE->LAN.
If this is the case, as long as you follow msmittens' firewall rules, and your NAT device is an actual NAT device, not a masq device, it should be working fine.
Unless, however, you are trying to test the internet availability of your ssh server by sshing to your public IP from your LAN, which will cause confusion and stop the connection from starting.
Again, you haven't stated your actual layout, so all of this is speculation. Tell us how your network is laid out and you'll probably get better answers.
-
December 15th, 2003, 07:31 PM
#12
Question: what the hell makes you think that you want a static source port for ssh? Do you realize the potential pitfalls that will cause for other applications that use dynamic source ports? I assure you it is quite normal to use dynamic source ports.
The answer, which has been stated twice already, is this: forward ssh to your ssh server, and keep state on the pass rule. If your firewall does not do stateful inspection, or does not maintain state, open the port blindly and use tcpwrappers or something in /etc/ssh/sshd_config to restrict access.
Passing flags S/SA will allow the SYN packet to get through, and keeping state on the connection will allow the sshd to respond to the client's request and let the connection continue until said connection is established; it will keep the session alive until it expires or the connection is closed. The rest should be transparent.
**cleanse senior member gene pool**
-hog
Antionline in a nutshell
"You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"
Trust your Technolust
-
December 15th, 2003, 10:57 PM
#13
Unless however, you are trying to test the internet availability of your ssh server by sshing to your public ip from your LAN.
Exactly.
Currently, when I test this, the firewall is disabled to keep things simple. So what I have is
INTERNET --> NAT DEVICE --> LAN
No firewall.
Yes, I am trying to ssh to my public IP from my LAN, and I believe this is what is causing the problem. I can ssh from within my LAN quite easily, even with the firewall up. I only need to do this temporarily to test the ssh server via my public address from behind the NAT.
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError community!
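The ruleset hog describes in #12 (forward port 22, pass only the SYN with flags S/SA, keep state) and the test-from-the-LAN problem raised in #11 and confirmed in #13, written out as an added example in OpenBSD pf syntax of that era. This is not a config from any poster in this thread; the interface names (fxp0/fxp1), the 192.168.1.0/24 LAN and the 192.168.1.10 server address are assumptions, and the "flags S/SA keep state" idiom is assumed to be the pf/ipf style the posts are using.

```pf
# Added example pf.conf (OpenBSD 3.x syntax); not from any post in this thread.
# ASSUMPTIONS: external interface fxp0, internal interface fxp1,
# LAN 192.168.1.0/24, sshd running on 192.168.1.10. Adjust to your layout.
ext_if  = "fxp0"
int_if  = "fxp1"
lan     = "192.168.1.0/24"
ssh_srv = "192.168.1.10"

# Hide the LAN behind the firewall's public address.
nat on $ext_if from $lan to any -> ($ext_if)

# Forward inbound SSH arriving on the public address to the internal server.
rdr on $ext_if proto tcp from any to ($ext_if) port 22 -> $ssh_srv port 22

# Testing from inside the LAN against the public address (the case in #13):
# the LAN client's packet must be redirected on the INTERNAL interface, and
# source-NATed, so the server's replies go back through the firewall instead
# of straight to the client (which would break the handshake).
rdr on $int_if proto tcp from $lan to ($ext_if) port 22 -> $ssh_srv port 22
nat on $int_if proto tcp from $lan to $ssh_srv port 22 -> $int_if

# Default deny inbound.
block in log all

# Filtering happens after translation, so the pass rules see the server's
# real address. Only the initial SYN (flags S/SA) is matched by the rule;
# keep state lets the SYN/ACK and every later packet of that session through
# without needing their own rules, until the connection closes or times out.
pass in  on $ext_if proto tcp from any  to $ssh_srv port 22 flags S/SA keep state
pass in  on $int_if proto tcp from $lan to $ssh_srv port 22 flags S/SA keep state
pass out on $int_if proto tcp from any  to $ssh_srv port 22 flags S/SA keep state

# Let the LAN out, statefully.
pass in  on $int_if from $lan to any keep state
pass out on $ext_if from any to any keep state
```

Load it with `pfctl -f /etc/pf.conf` and watch the state entries appear with `pfctl -ss` while you connect. If the firewall cannot keep state, the fallback hog mentions is to pass port 22 unconditionally and restrict at the host instead: a `sshd: 203.0.113.0/24` line in /etc/hosts.allow (with `sshd: ALL` in hosts.deny) for tcpwrappers, or `AllowUsers user@203.0.113.5` in /etc/ssh/sshd_config, the address being whatever source you actually want to admit.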