RE: changing SSH ports

From: Burke, Thomas G. (tg.burke_at_ngc.com)
Date: 05/03/05

    Date: Tue, 3 May 2005 10:00:16 -0400
    To: "General Red Hat Linux discussion list" <redhat-list@redhat.com>
    
    

    This *IS* a home connection.
     
    The modem has had the firmware modified to support PPPoE passthru, so the interior box handles all the authentication & so forth. The router is a LinkSys WRT54G, plugged directly into the modem (server has been moved back). All connections thru the router to the server work fine (ports 22, 25, 80).
     
    Added the router port triggers & port passthru to allow port 26, as well. I can connect thru if ssh is on port 22, but not on port 26. I didn't get a chance to double-check last night, but I think I can connect from inside the house, from another machine. I have modified my firewall to add the port 26. I'm beginning to wonder if I need to modify my services script or something, although I thought that wasn't used by anything...
     
        -Tom

    -----Original Message-----
    From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com] On Behalf Of Michael Velez
    Sent: Tuesday, May 03, 2005 3:42 AM
    To: 'General Red Hat Linux discussion list'
    Subject: RE: changing SSH ports

    > -----Original Message-----
    > From: redhat-list-bounces@redhat.com
    > [ mailto:redhat-list-bounces@redhat.com] On Behalf Of Burke, Thomas G.
    > Sent: Monday, May 02, 2005 3:38 PM
    > To: redhat-list@redhat.com
    > Subject: changing SSH ports
    >
    > All,
    >
    > I'm having some problems that I'm not quite able to
    > figure out, yet.
    >
    > 1) Changed /etc/ssh2/ssh2d_config
    > listening on port 26
    >
    > 2) Changed firewall to allow connections on port 26
    >
    > 3) Changed router to allow IPMASQ on port 26 as well
    > as port 22.
    >
    >
    > logs show ssh2d running on port 26
    >
    > can login from internal network, but not from internet.
    >
    > any clues?
    >
    > Thanks,
    > Tom
    >
    > --
    > redhat-list mailing list
    > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    > https://www.redhat.com/mailman/listinfo/redhat-list
    >

    Is this a home connection? Do you have a separate dsl modem and router?

    If the above is not your setup, disregard what I say below.

    If it is, you need to add an NAPT entry (Network Address Port Translation)
    into your dsl modem, as well, which should look like the following:

    inside address: <router ip address as seen by modem>:26
    outside address: <your external ip address>:26
    protocol: tcp

    I have only set one up for tcp and it seems to work fine. I have ssh'd to a
    different port many times. By the way, you would need this even if you ssh'd
    to port 22.

    The router IP address is the address as seen by the modem, so it is not the
    typical router address you see in your LAN. In my setup, the router IP
    address as seen from the modem is 10.0.0.1 and as seen from my internal LAN
    is 192.168.1.1.

    Most modems will allow you to specify a rule template as opposed to the NAPT
    rule itself. This helps if you have a dynamic IP address, which most
    residential setups do. If you reboot your modem, your ISP will allocate a
    different IP address to your dsl modem. So your external IP address will
    change, requiring you to change the NAPT rule every time you reboot. By
    creating a template, you can specify 0.0.0.0 as the IP address and the NAPT
    rule will be dynamically generated using whatever external IP address your
    dsl modem has been assigned.

    For my setup, the NAPT template would be:

    inside address: 10.0.0.1:26
    outside address: 0.0.0.0:26
    protocol: tcp

    As for the router, your router may be different; however, I needed to create
    a Virtual Server entry in the router's Firewall section with the following:

    Virtual Server IP Address: <RedHat Linux Server IP Address>
    Service Name: Secure Shell
    Service Port: 26

    That is all I did on the router side. Since I did nothing to set up port 22,
    both my modem and router block messages coming on that port. I do not use
    DMZ.

    Since you can login from your internal network, your RedHat Linux firewall
    and sshd configuration seem to be working fine.

    Hope this helps,
    Michael
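
Added example, not part of the original thread: a small Python check that separates the failure modes discussed above by probing the moved SSH port from several vantage points and classifying each attempt as SSH banner received, connection refused, or timeout. The addresses 192.168.1.10 and 203.0.113.10 and the function names are placeholders assumed for illustration.

```python
import socket

# What each outcome says about the modem -> router -> server chain in this thread.
HINTS = {
    "ssh": "forwarding and daemon both work on this path",
    "open": "something accepted the connection but sent no SSH banner",
    "refused": "a device answered with a reset: the port is forwarded to "
               "a host where nothing listens, or a firewall rejects it",
    "timeout": "packets are dropped on the way: check the modem NAPT entry, "
               "the router virtual server entry and the host firewall",
    "error": "local or routing problem, see detail",
}

def probe_ssh(host, port, timeout=5.0):
    """Try one TCP connection and return (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", "RST received"
    except socket.timeout:
        return "timeout", "no reply within %.0f s" % timeout
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            banner = sock.recv(255)  # sshd sends its version string on connect
        except socket.timeout:
            return "open", "connected, no banner"
        except OSError as exc:
            return "error", str(exc)
    text = banner.decode("ascii", "replace").strip()
    state = "ssh" if text.startswith("SSH-") else "open"
    return state, text or "connected, no banner"

def diagnose(targets, port, timeout=5.0):
    """Probe each (label, host) pair and attach the matching hint."""
    rows = []
    for label, host in targets:
        state, detail = probe_ssh(host, port, timeout)
        rows.append((label, state, detail, HINTS[state]))
    return rows

if __name__ == "__main__":
    # Constructed placeholder addresses; substitute your own.
    targets = [("server itself", "127.0.0.1"),
               ("server LAN address", "192.168.1.10"),
               ("external address", "203.0.113.10")]
    for row in diagnose(targets, port=26):
        print("%-20s %-8s %s (%s)" % row)
```

Run the external-address probe from a machine outside the LAN; from inside, it only succeeds if the router supports NAT loopback.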

    
