
Re: ipfwadm / ipchains: can't enable ssh !

Jochen Wiedmann wrote:

> Marco Maggesi wrote:
> >
> > it seems that ssh uses privileged ports (0:1023)
> > on the source host and port 22 on the target host.
> That can be changed by using
>         UsePrivilegedPort no
> in /etc/ssh/ssh_config.

It's ok to leave it on port 22... but when I enabled port 22 it still
doesn't work. Theoretically port 22 should be used on the remote host and
port > 1023 is used at the local host. I set up the firewall with no limits to
outgoing packets; incoming packets are allowed when port > 1023 and ACK
is set.
I'm sitting *at* the firewall and can telnet to x.x.x.x (stands for hosts
outside the firewall but not the firewall itself) but I can't ssh to
I'm NOT talking about forwarding from a client through the firewall.
If port 22 is enabled on the firewall I can't even telnet on the firewall
host - what's this?
When I "telnet [remote host] 22" I get an ssh prompt - so something must
be filtered out on its way back.

Looks like a bug to me ...
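
A small model of the filtering discussed in this thread, added here as an illustration and not written by any of the posters: it applies the input policy described above (accept when local port > 1023 and ACK is set) to the reply packets of telnet and ssh connections, then to an amended policy. The `Packet` class, the function names and the sample port numbers are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """Inbound TCP packet as seen by the firewall host (constructed model)."""
    src_port: int  # port on the remote host
    dst_port: int  # port on the firewall host
    ack: bool      # ACK flag set, i.e. a reply rather than a new connection

def poster_rule(p: Packet) -> bool:
    """Input policy from the post: accept only if local port > 1023 and ACK set."""
    return p.dst_port > 1023 and p.ack

def amended_rule(p: Packet) -> bool:
    """Same policy plus replies from remote port 22 to local ports 0:1023."""
    ssh_reply = p.src_port == 22 and p.dst_port <= 1023 and p.ack
    return poster_rule(p) or ssh_reply

def reply_for(local_port: int, remote_port: int) -> Packet:
    """Reply the remote server sends back for an outgoing connection."""
    return Packet(src_port=remote_port, dst_port=local_port, ack=True)

# Constructed sample connections; the local port numbers are illustrative.
SAMPLES = {
    "telnet to remote:23": reply_for(local_port=1034, remote_port=23),
    "telnet to remote:22": reply_for(local_port=1035, remote_port=22),
    "ssh, privileged source port": reply_for(local_port=1022, remote_port=22),
    "ssh, unprivileged source port": reply_for(local_port=1036, remote_port=22),
}

def evaluate(rule) -> dict:
    """Map each sample connection to whether its reply passes the rule."""
    return {name: rule(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    before, after = evaluate(poster_rule), evaluate(amended_rule)
    for name in SAMPLES:
        print(f"{name:30} poster_rule={before[name]!s:5} amended_rule={after[name]}")
```

The amended rule matches on header fields only, so it accepts any ACK packet with source port 22 aimed at a low local port; keeping the narrower policy and moving ssh to an unprivileged source port, as in the quoted ssh_config suggestion, avoids widening the filter.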
