extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-21 18:21:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Correct FAQ 1e

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-02-25 08:54:14 -08:00
parent 6966270822
commit e8a5c45aae
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/FAQ.xml
View File

@ -406,6 +406,14 @@ DNAT net loc:192.168.1.3:22 tcp 1022</programlisting>
the net. Is it possible to only redirect 4104 to the localhost port 22 the net. Is it possible to only redirect 4104 to the localhost port 22
and have connection attempts to port 22 from the net dropped?</title> and have connection attempts to port 22 from the net dropped?</title>
<important>
<para>On systems with the "Extended Conntrack Match"
(NEW_CONNTRACK_MATCH) capability (see the output of
<command>shorewall show capabilities</command>), port 22 is opened
only to connections whose original destination port is 4104 and this
FAQ does not apply.</para>
</important>
<para><emphasis role="bold">Answer </emphasis>courtesy of Ryan: Assume <para><emphasis role="bold">Answer </emphasis>courtesy of Ryan: Assume
that the IP address of your local firewall interface is 192.168.1.1. that the IP address of your local firewall interface is 192.168.1.1.
If you configure SSHD to only listen on that address and add the If you configure SSHD to only listen on that address and add the