Re: can a SSH server initiate a connection?

To: debian-user@lists.debian.org
Subject: Re: can a SSH server initiate a connection?
From: Osamu Aoki <osamu@debian.org>
Date: Tue, 3 Aug 2004 01:18:33 +0200
Message-id: <[🔎] 20040802231833.GA21050@aokiconsulting.com>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 200408021306.02086.rl2@shinyblue.net>
References: <[🔎] 200408012008.16928.rl2@shinyblue.net> <[🔎] 20040801205749.GC24106@aokiconsulting.com> <[🔎] 200408021306.02086.rl2@shinyblue.net>

On Mon, Aug 02, 2004 at 01:05:54PM +0100, rich wrote:
> > Do you control firewall?
> >   If yes : use DNAT to redirect external connection to SSH server
> >              (if firewall is NAT box)
> >            or open port 22 and forward connectio to internal hosts
> 
> There's a firewall I control (which allows port 22 so long as the SYN packet 
> comes from inside), but that's behind a NAT router, so the only way to "find" 
> my server on the internet is if IT initiates the connection.

Something like:
 1. INPUT ACCEPT: port 22 even for external to internal connection.
 2. PREROUTING DNAT: to reroute connection to internal box.
 3  FORWARD ACCEPT: allow external port 22 connection to inside

Please try ipmasq package from unstable and read examples.
It should cleanly install even to woody :-)
Hmm... after security fix, I may need some fix for this 3rd item.

Osamu

Reply to:

References:
- can a SSH server initiate a connection?
  - From: rich <rl2@shinyblue.net>
- Re: can a SSH server initiate a connection?
  - From: Osamu Aoki <osamu@debian.org>
- Re: can a SSH server initiate a connection?
  - From: rich <rl2@shinyblue.net>

Prev by Date: Re: Package to delete pre-incoming mail?
Next by Date: Re: Is Linux Unix?
Previous by thread: Re: can a SSH server initiate a connection?
Next by thread: kde applications signal 11
Index(es):
- Date
- Thread