Date: Fri, 31 Jan 2003 10:51:36 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: freebsd-questions@FreeBSD.ORG Subject: Re: ssh & ipfw Message-ID: <20030131105136.GB68243@happy-idiot-talk.infracaninophi> In-Reply-To: <nioj3v8mnn1omqrpoi322pf926lodcf2f9@4ax.com> References: <nioj3v8mnn1omqrpoi322pf926lodcf2f9@4ax.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 30, 2003 at 10:06:45PM -0500, Pete C wrote: > any quick pointers for how to go about setting up ssh though ipfw on a > gateway/router running nat to one of the internal machines ? (FreeBSD > on both the router and internal machine) Let me guess. You've set up natd(8) on your gateway machine to forward port 22 to your internal machine --- something like: natd -redirect_port tcp internalhost:22 22 and when you connect from an external site to port 22 on the gateway, ssh rejects the connection complaining that some impostor is trying to pose as your intended target machine? Supplying this level of detail will get you much more effective answers than hinting vaguely about your problems. Two thoughts: i) If you want ssh access to your site to be redirected from the gateway to an internal machine as shown above, then you should realise that you can't mix that with direct ssh access to the gateway machine. You need to ensure that the same host key is presented to the client each time it attempts to connect to the same server name / IP number. You should set up the host keys in ~/.known_hosts or /etc/ssh/ssh_known_hosts accordingly. ii) You might find this rather useful: http://www.oreilly.com/catalog/sshtdg/chapter/ch11.html Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030131105136.GB68243>