
List:       ipfilter
Subject:    Re: DHCP host syntax and X forwarding
From:       Pauline van Winsen <Pauline.van.Winsen () eserv ! com ! au>
Date:       2000-02-26 21:15:08

hiya,

> I've been trying to allow my host to accept ssh connections
> only. These are the pertinent lines from ipf.rules
> 
> block in on ep1 all
> pass in on ep1 proto tcp/udp from any to 0/32 port = 22 

you also need to allow outgoing traffic from sshd to connecting clients.
 
> Basically I want to allow ssh connections from anyone to this host.

hmm... - then i suggest you nail down the host & sshd config. SSH is a great tool
but permitting connections from anywhere can open up a nice encrypted
tunnel from anywhere through to networks you care about.
 
> Also, I've been struggling with the X forwarding part of ssh. My
> understanding is that I need to poke holes in my firewall around 6000
> to let in connections. 

no. all ports forwarded through the ssh tunnel, including X traffic, go via
the client connection to the sshd daemon - by default port 22.
all you need to permit X forwarding is xauth, a line in the client & server
config + filters to permit traffic to & from port 22.
 
> Any hints, suggestions, sarcasm?

i suggest you read the ssh faq:
http://www.tigerlair.com/ssh/faq/ssh-faq.html

& check out the ssh mailing list & archive @:
http://marc.theaimsgroup.com/

this site has searchable archives of both the ssh list & ip-filter
in the information security section.

hope this helps,
pauline

Pauline van Winsen, Senior Technical Consultant      pauline@eserv.com.au
eServ Pty Ltd                 http://www.eserv.com.au/people/pauline.html      
"One important point often overlooked is that colours should be selected
so that they will not clash with your own personal colouring. After all,
you will be living in the house & each room must provide a suitable
background for you."
		Home decorating - Introduction, Woman's World, circa 1964.
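The two points made in the reply above (sshd's return traffic has to be allowed, and X forwarding travels inside the port 22 session rather than through ports 6000+) in a worked rule set. This is an added example, not part of the original post or the original poster's ipf.rules; it assumes the same interface name ep1, sshd on port 22, and the stock sshd_config / ssh_config file names. `any` is used as the destination; it can be narrowed to the host's own address.

```conf
# /etc/ipf.rules (constructed example)

# Default deny on the external interface in both directions.
block in on ep1 all
block out on ep1 all

# Inbound SSH. Only the initial SYN is matched by the rule; "keep state"
# then adds a state-table entry, so sshd's replies back to the client
# pass without a separate "pass out ... port = 22" rule, even though
# everything else outbound is blocked above.
pass in quick on ep1 proto tcp from any to any port = 22 flags S keep state

# Without "keep state" the return direction would have to be opened
# explicitly, which is the piece missing from the quoted rule set:
# pass out quick on ep1 proto tcp from any port = 22 to any

# Connections the firewall host itself initiates (not needed for sshd,
# included so the default "block out" does not break them).
pass out quick on ep1 proto tcp from any to any flags S keep state

# X forwarding: nothing is opened on 6000+. The X traffic is carried
# inside the port 22 session, and sshd hands it to a local proxy display
# on the server side. Direct X connections stay blocked by the defaults.

# --- /etc/sshd_config on the server side ---
# X11Forwarding yes

# --- ~/.ssh/config or /etc/ssh_config on the client side ---
# ForwardX11 yes
```

Reload with `ipf -Fa -f /etc/ipf.rules` and confirm with `ipfstat -io` that the port 22 rule is the only inbound pass on ep1; `ipfstat -s` shows the state entries created by connecting clients. xauth must be installed on both ends for the forwarded display to be usable.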
