Re: ipfwadm / ipchains: can't enable ssh !
Jochen Wiedmann wrote:
> Marco Maggesi wrote:
> >
> > it seems that ssh uses privileged ports (0:1023)
> > on the source host and port 22 on the target host.
>
> That can be changed by using
>
> UsePrivilegedPort no
>
> in /etc/ssh/ssh_config.
>
It's ok to leave it on port 22... but when I enabled port 22 it still
doesn't work. Theoretically port 22 should be used on remote host and
port > 1023 is used at local host. I set up the firewall with no limits to
outgoing packets, incoming packets are allowed when port > 1023 and ACK
is set.
I'm sitting *at* the firewall and can telnet to x.x.x.x (stands for hosts
outside the firewall but not the firewall itself) but I can't ssh to
x.x.x.x
I'm NOT talking about forwarding from a client through the firewall.
If port 22 is enabled on firewall I can't even telnet on the firewall
host - what's this?
When I "telnet [remote host] 22" I get an ssh prompt - so something must
be filtered out on its way back.
Looks like a bug to me ...
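The input policy described in this message (accept incoming packets only when the destination port is above 1023 and ACK is set), modelled against the reply packets of the sessions mentioned in the thread. This is an added example, not code from the original posts; the function names and the concrete local port numbers are constructed for illustration.

```python
from dataclasses import dataclass

PRIVILEGED_MAX = 1023  # ports 0:1023 are the privileged range quoted in the thread


@dataclass(frozen=True)
class TcpPacket:
    src_port: int
    dst_port: int
    syn: bool = False
    ack: bool = False


def input_rule_accepts(pkt: TcpPacket) -> bool:
    """Incoming policy from the message: destination port > 1023 and ACK set."""
    return pkt.dst_port > PRIVILEGED_MAX and pkt.ack


def handshake_completes(local_port: int, remote_port: int) -> bool:
    """Outgoing packets are unrestricted, so only the returning SYN/ACK is filtered."""
    reply = TcpPacket(src_port=remote_port, dst_port=local_port, syn=True, ack=True)
    return input_rule_accepts(reply)


def unsolicited_syn_accepted(local_port: int) -> bool:
    """A new inbound connection attempt carries SYN without ACK."""
    return input_rule_accepts(TcpPacket(src_port=40000, dst_port=local_port, syn=True))


# Constructed sessions: name -> (local source port, remote destination port)
SESSIONS = {
    "telnet x.x.x.x": (1025, 23),
    "telnet x.x.x.x 22": (1026, 22),
    "ssh, client bound to a privileged source port": (1022, 22),
    "ssh, UsePrivilegedPort no": (1027, 22),
}


def diagnose(sessions: dict) -> dict:
    return {name: handshake_completes(lp, rp) for name, (lp, rp) in sessions.items()}


if __name__ == "__main__":
    for name, ok in diagnose(SESSIONS).items():
        print(f"{name:48s} reply {'ACCEPTED' if ok else 'DROPPED'}")
    print("inbound SYN to port 2000 accepted:", unsolicited_syn_accepted(2000))
```

Under this model the only session whose replies are dropped is the one where the client binds a source port in 0:1023, which is the case the quoted `UsePrivilegedPort no` setting avoids.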