[ale] SSH+multiple ports?

Jonathan Rickman jonathan at xcorps.net
Thu May 24 20:08:14 EDT 2001


I'm assuming at least one thing here...you're using ipchains.

I'm not that familiar with the internals of the port forwarding function,
but to the best of my knowledge all in-firewall forwarding takes place by
reverse-masquerading.

So ipchains -M -S [tcp] [tcpfin] [udp] should do the trick.

The three values are simple:

tcp = tcp connection timeout in seconds
tcpfin = tcp connection timeout in seconds after a FIN packet is received
udp = udp timeout in seconds

ipchains -M -S 3600 60 600

is a reasonable setting, your ssh sessions will time out after one hour
(3600 seconds)  regardless of activity. Adjust to suit your taste. I'd
leave the other two alone.


From the man page...

-M, --masquerading

This option allows viewing of the currently masqueraded connections
(in conjunction with the -L option) or to set the kernel masquerading
parameters (with the -S option).

-S, --set tcp tcpfin udp

Change the timeout values used for masquerading. This command always
takes 3 parameters, representing the timeout values (in seconds) for TCP
sessions, TCP sessions after receiving a FIN packet, and UDP packets,
respectively. A timeout value 0 means that the current timeout value of
the corresponding entry is preserved. This option is only allowed in
combination with the -M flag.

Hope this helps...

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net

On Thu, 24 May 2001, Robert L. Harris wrote:

>
>
> Due to a firewall at work I can't ssh to my house on port 22.  Very odd
> problem with a foundry switch I can't go into, but I can't.  I can however
> go to port 2200 or the like.  I currently have a redirector redirecting port
> 2200 to 22.  For some reason if the screen doesn't update very regularly,
> such as when I'm sittin in my mutt window and change screen or get a drink,
> I come back and the session is timed out.  I've turned "keep alive" on for
> the server and the client but still happens.  I think it may be related
> to the redirector.  I've been told there's a way to have sshd listen on 2
> ports but can't find a working solution.  I've been told to have 2 lines:
>
> Port 22
> Port 2200
> and it listens on 22, but not 2200...
>
> Robert
>
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris                |  Micros~1 :
> Senior System Engineer          |    For when quality, reliability
>   at RnD Consulting             |      and security just aren't
>                                 \_       that important!
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> FYI:
>  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
>
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>


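The original poster's two-Port sshd_config is the kind of thing worth checking mechanically before blaming the redirector. The script below is an added example, not code from this thread or from OpenSSH: it expands the Port and ListenAddress directives of an sshd_config into the sockets sshd would bind, following the rule in sshd_config(5) that a ListenAddress without a port listens on every Port value and that with no ListenAddress at all sshd binds 0.0.0.0 on each Port. The config text is a constructed sample, the addresses are documentation addresses, and only IPv4 ListenAddress forms are handled.

```shell
#!/bin/sh
# Added example (not from the original thread): list the address:port
# sockets an sshd_config implies, so a missing second port (the poster's
# 2200) shows up without touching a live server.
# Assumptions: constructed sample config; IPv4 ListenAddress only.

# Constructed sample sshd_config mirroring the two-Port setup in the post.
SAMPLE_SSHD_CONFIG='# constructed sample, not a real server config
Port 22
Port 2200
ListenAddress 192.0.2.10
ListenAddress 192.0.2.11:2222
ClientAliveInterval 60
'

# sshd_listen_sockets CONFIG_TEXT -> one "address:port" per line.
# sshd_config(5): a ListenAddress without a port uses every Port value;
# with no ListenAddress at all sshd binds 0.0.0.0 on each Port.
sshd_listen_sockets() {
    printf '%s\n' "$1" | awk '
        # skip comments and blank lines
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == "port" { ports[++np] = $2; next }
        tolower($1) == "listenaddress" {
            if ($2 ~ /:/) { sockets[++ns] = $2 }   # explicit host:port
            else          { bare[++nb] = $2 }      # expanded over Port
            next
        }
        END {
            if (np == 0) { ports[++np] = 22 }      # sshd default port
            if (nb == 0 && ns == 0) { bare[++nb] = "0.0.0.0" }
            for (i = 1; i <= ns; i++) print sockets[i]
            for (i = 1; i <= nb; i++)
                for (j = 1; j <= np; j++) print bare[i] ":" ports[j]
        }'
}

# listens_on CONFIG_TEXT PORT -> exit 0 if some socket uses PORT.
listens_on() {
    sshd_listen_sockets "$1" | grep -q ":$2\$"
}

sshd_listen_sockets "$SAMPLE_SSHD_CONFIG"
```

Run against the real file with `sshd_listen_sockets "$(cat /etc/ssh/sshd_config)"` and compare the output with what `netstat -tln` (or `ss -tln`) reports after restarting sshd; a port that appears in the first list but not the second points at the daemon or a conflicting listener, not at the firewall's redirector. Note that sshd_config(5) requires Port lines to precede a ListenAddress that carries no port, which this parser does not enforce.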