Correct FAQ 1e

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2017-02-25 08:54:14 -08:00
parent 6966270822
commit e8a5c45aae
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10

@ -406,6 +406,14 @@ DNAT net loc:192.168.1.3:22 tcp 1022</programlisting>
the net. Is it possible to only redirect 4104 to the localhost port 22 the net. Is it possible to only redirect 4104 to the localhost port 22
and have connection attempts to port 22 from the net dropped?</title> and have connection attempts to port 22 from the net dropped?</title>
<important>
<para>On systems with the "Extended Conntrack Match"
(NEW_CONNTRACK_MATCH) capability (see the output of
<command>shorewall show capabilities</command>), port 22 is opened
only to connections whose original destination port is 4104 and this
FAQ does not apply.</para>
</important>
<para><emphasis role="bold">Answer </emphasis>courtesy of Ryan: Assume <para><emphasis role="bold">Answer </emphasis>courtesy of Ryan: Assume
that the IP address of your local firewall interface is 192.168.1.1. that the IP address of your local firewall interface is 192.168.1.1.
If you configure SSHD to only listen on that address and add the If you configure SSHD to only listen on that address and add the
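Review bot: In the added <important> block, "this FAQ does not apply" is ambiguous. It can be read as the question itself being invalid, rather than as the workaround in the answer that follows being unnecessary. Suggest wording along the lines of "the workaround described below is not needed". The note also only tells the reader to "see the output of shorewall show capabilities" without saying what to look for in that output for the "Extended Conntrack Match" (NEW_CONNTRACK_MATCH) entry; one more clause stating what result indicates the capability is present would let readers decide whether the rest of the FAQ concerns them. Finally, the sentence depends on the 4104 and 22 values from the question title; naming the DNAT rule it refers to would let the note stand on its own.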