On Sun, 28 Mar 2004 21:48:46 +0100, Someone named Antony Stone <Antony@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Sunday 28 March 2004 8:52 pm, Cody Harris wrote:
>
> > Here's my setup:
> > My firewall has eth0 and eth1. 0 is the net and 1 is my ssh box. Eth0 is
> > 10.30.7.147 and Eth1 is 192.168.0.1...Eth1 is connected to Eth0 on the
> > other box...192.168.0.2.
> >
> > We have found out ssh isn't forwarding properly. What's the deal?
>
> 1. Is any other protocol being forwarded correctly?

I'm only forwarding tcp, I don't know what the deal is with ICMP.

>
> 2. What does "cat /proc/sys/net/ipv4/ip_forward" return?

1

>
> 3. What do you mean by "properly"? Does ssh work at all? Sometimes? From
> some machines? Only for a certain time, then stops? What?

It logs into my firewall. We've tested that by creating "phoneyuser" on the firewall and logging in as that.

>
> > This is my firewall setup:
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> > ACCEPT all -- anywhere anywhere
> > ACCEPT icmp -- anywhere anywhere icmp echo-reply
> > ACCEPT icmp -- anywhere anywhere icmp
> > destination-unreachable ACCEPT icmp -- anywhere anywhere
> > icmp redirect ACCEPT icmp -- anywhere anywhere
> > icmp echo-request ACCEPT icmp -- anywhere anywhere
> > icmp time-exceeded ACCEPT tcp -- anywhere
> > 192.168.0.2 tcp dpt:ssh
>
> 4. Sorry for the way my mailer has mangled your rules, however please post the
> output from "iptables -L FORWARD -nvx" (the v is important as it shows the
> interface data which is not in the standard listing output).
>
> 5. How are you testing the setup?
>
> Regards,
>
> Antony.
>
> --
> If at first you don't succeed, destroy all the evidence that you tried.
>
> Please reply to the list;
> please don't CC me.
>
>

--
+------------------+-----------------------------+
| Cody Harris      | --------------------------- |
| ---------------- | --------------------------- |
+------------------+-------+---------------------+---+
| *Sigh*. No key.                                    |
+----------------------------------------------------+