[Shorewall-newbies] ssh tunneling

Sakthivel Subramanian sakthi at altair.com
Mon Mar 15 14:56:01 PST 2004


Your destination in the error message is DST=192.168.101.127, 
where as in the SSH command it is 192.168.0.127. 

Which one is the correct one ?

If you are trying to create a tunnel from FW to LOC, your OUT=eth1 not eth0.

-Sakthi

-----Original Message-----
From: shorewall-newbies-bounces at lists.shorewall.net
[mailto:shorewall-newbies-bounces at lists.shorewall.net] On Behalf Of Yogesh
Sharma
Sent: Monday, March 15, 2004 5:13 PM
To: shorewall-newbies at lists.shorewall.net
Subject: [Shorewall-newbies] ssh tunneling


Hi,

Please include me in CC as I am not subscribed to list.

Shorewall version 1.4.10b
eth0 Internet IP 4.2.2.2
eth1 Intranet IP 192.168.0.0/255.255.255.0
IP Masq, DHCP enabled

I am trying to create a tunnel using following ssh command:
ssh root at 4.2.2.2 -L 5800:192.168.0.127:5800

I created one rule like this:
ACCEPT   FW   LOC   TCP   5800
but I am still getting these in log and not been able to use ssh port 
forwarding

Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=4.2.2.2 DST=192.168.101.127 
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=36865 DF PROTO=TCP SPT=1073 DPT=5800 
WINDOW=5840 RES=0x00 SYN URGP=0
Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=4.2.2.2 DST=192.168.101.127 
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=36865 DF PROTO=TCP SPT=1074 DPT=5800 
WINDOW=5840 RES=0x00 SYN URGP=0
Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=4.2.2.2 DST=192.168.101.127 
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=36865 DF PROTO=TCP SPT=1075 DPT=5800 
WINDOW=5840 RES=0x00 SYN URGP=0
Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=4.2.2.2 DST=192.168.101.127 
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=36865 DF PROTO=TCP SPT=1076 DPT=5800 
WINDOW=5840 RES=0x00 SYN URGP=0
Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=4.2.2.2 DST=192.168.101.127 
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=36865 DF PROTO=TCP SPT=1077 DPT=5800 
WINDOW=5840 RES=0x00 SYN URGP=0

Thanks
Yogesh

_______________________________________________
Shorewall-newbies mailing list
Post: Shorewall-newbies at lists.shorewall.net
Subscribe/Unsubscribe:
https://lists.shorewall.net/mailman/listinfo/shorewall-newbies
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm



More information about the Shorewall-newbies mailing list