mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-21 18:21:27 +02:00
Correct FAQ 1e
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
6966270822
commit
e8a5c45aae
@ -406,6 +406,14 @@ DNAT net loc:192.168.1.3:22 tcp 1022</programlisting>
|
|||||||
the net. Is it possible to only redirect 4104 to the localhost port 22
|
the net. Is it possible to only redirect 4104 to the localhost port 22
|
||||||
and have connection attempts to port 22 from the net dropped?</title>
|
and have connection attempts to port 22 from the net dropped?</title>
|
||||||
|
|
||||||
|
<important>
|
||||||
|
<para>On systems with the "Extended Conntrack Match"
|
||||||
|
(NEW_CONNTRACK_MATCH) capability (see the output of
|
||||||
|
<command>shorewall show capabilities</command>), port 22 is opened
|
||||||
|
only to connections whose original destination port is 4104 and this
|
||||||
|
FAQ does not apply.</para>
|
||||||
|
</important>
|
||||||
|
|
||||||
<para><emphasis role="bold">Answer </emphasis>courtesy of Ryan: Assume
|
<para><emphasis role="bold">Answer </emphasis>courtesy of Ryan: Assume
|
||||||
that the IP address of your local firewall interface is 192.168.1.1.
|
that the IP address of your local firewall interface is 192.168.1.1.
|
||||||
If you configure SSHD to only listen on that address and add the
|
If you configure SSHD to only listen on that address and add the
|
||||||
|
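Review bot: The new <important> note placed directly after the FAQ 1e title says the FAQ "does not apply" when NEW_CONNTRACK_MATCH is present, but it does not tell a reader whose firewall lacks the capability what to expect. Since the question is whether port 22 stays reachable from the net, add a sentence stating that without the capability the answer below is still required. As a style point, mark up NEW_CONNTRACK_MATCH as <literal> and use <quote> instead of straight quotes around Extended Conntrack Match, in line with the <command> markup already used in the same paragraph. The commit subject "Correct FAQ 1e" would also be easier to find later if it named the capability the correction is about.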