Date: Tue, 13 Nov 2012 20:09:08 -0800
From: Gary Kline
To: Polytropon
Cc: FreeBSD Mailing List
Subject: Re: well, try here first...

On Wed, Nov 14, 2012 at 02:35:43AM +0100, Polytropon wrote:
> > box. it's got a web interface and runs some flavor of firewall that
> > I never studied. yuk.
>
> I assume your "HW firewall" protects you to the outside. Of
> course it should allow SSH connections from the outside to
> the "tao" box _if_ you want it that way.

my netgear and pfSense setup surprised me this afternoon.
the initial setup listed my internal IP as 10.47.0.114, but
something I did changed the DHCP leases section to 10.47.0.113 .
after that, I could ssh out and then ssh back to tao.

> But I was thinking about the firewall run by the Fedora OS
> that might block SSH connections to "tao", no matter from
> where they come, just as if you would have set up FreeBSD's
> ipfw with the default to deny connections: without explicitly
> enabling SSH connections the server cannot be reached, no
> matter if it's running.
>

I haven't used ipfw for many years. the most recent firewall I
ran was on FBSD 5.X and was {i think} "pfw". I got quite good
at it. I should learn more about plain "pf" and pfSense. do
you know if pf/pfsense defaults to DENY incoming connections?
that would explain a Lot!

> > > > > The way _how_ to enable it depends on the distribution you're
> > > > > using and is very different among the Linusi.
> > > >
> > > > rt., and this is fedora, my least fav distro. But I've always had
> > > > trouble with ssh, even with FBSD.
> > >
> > > There is a nice summary on how to get the OpenSSH server
> > > set up on Fedora:
> > >
> > > http://www.techotopia.com/index.php/Configuring_Fedora_Linux_Remote_Access_using_SSH
> > >
> > > Basically, it's about installing and enabling it. The article
> > > also discusses how to enable configure the firewall properly.
> > >
> >
> > thank you. I'll ck it out. also google other stuff if I have to.
>
> Check if the Techotopia article matches your version of Fedora.
> It shows how to install and enable the SSH server and also
> mentions the "built-in" firewall that has to be configured
> to allow connections to that server.

the URL you had was fedora-13; what I installed fedora-17. and
just recently--maybe when I rebooted--i saw fedora-19[?] not
sure... .

>
> From my limited experience with Fedora (haven't used it for some
> time), this looks like what you need to do.
>

well, the deal is that my volunteer system admin worked for red
hat for about 5 years. I'm more used to ubuntu, but my friend
says that I'm on my own.... anyway, things are starting to
work. [!]

>
> --
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...

--
Gary Kline  kline@thought.org  http://www.thought.org  Public Service Unix
Twenty-six years of service to the Unix community.