[ale] SSH+multiple ports?
- Subject: [ale] SSH+multiple ports?
- From: jonathan at xcorps.net (Jonathan Rickman)
- Date: Thu, 24 May 2001 20:08:14 -0400 (EDT)
I'm assuming at least one thing here...you're using ipchains.
I'm not that familiar with the internals of the port forwarding function,
but to the best of my knowledge all in-firewall forwarding takes place by
So ipchains -M -S [tcp] [tcpfin] [udp] should do the trick.
The three values are simple:
tcp = tcp connection timeout in seconds
tcpfin = tcp connection timeout in seconds after a FIN packet is received
udp = udp timeout in seconds
ipchains -M -S 3600 60 600
is a reasonable setting, your ssh sessions will time out after one hour
(3600 seconds) regardless of activity. Adjust to suit your taste. I'd
leave the other two alone.
From the man page...
This option allows viewing of the currently masqueraded connections
(in conjunction with the -L option) or to set the kernel masquerading
parameters (with the -S option).
-S, --set tcp tcpfin udp
Change the timeout values used for masquerading. This command always
takes 3 parameters, representing the timeout values (in seconds) for TCP
sessions, TCP sessions after receiving a FIN packet, and UDP packets,
respectively. A timeout value 0 means that the current timeout value of
the corresponding entry is preserved. This option is only allowed in
combination with the -M flag.
Hope this helps...
X Corps Security
On Thu, 24 May 2001, Robert L. Harris wrote:
> Due to a firewall at work I can't ssh to my house on port 22. Very odd
> problem with a foundry switch I can't go into, but I can't. I can however
> go to port 2200 or the like. I currently have a redirector redirecting port
> 2200 to 22. For some reason if the screen doesn't update very regularly,
> such as when I'm sitting in my mutt window and change screen or get a drink,
> I come back and the session is timed out. I've turned "keep alive" on for
> the server and the client but still happens. I think it may be related
> to the redirector. I've been told there's a way to have sshd listen on 2
> ports but can't find a working solution. I've been told to have 2 lines:
> Port 22
> Port 2200
> and it listens on 22, but not 2200...
> Robert L. Harris | Micros~1 :
> Senior System Engineer | For when quality, reliability
> at RnD Consulting | and security just aren't
> \_ that important!
> These are MY OPINIONS ALONE. I speak for no-one else.
> perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
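Added example, not part of the original message and not ipchains code: a small Python model of how a masquerading table ages its entries, to make the timeout discussion above concrete. Each matching packet refreshes an entry, and an entry is dropped once it has been idle for the tcp / tcpfin / udp value; MasqTimeouts.set() follows the man-page rule quoted above that a 0 preserves the current value. The addresses, ports and timeout numbers are constructed for illustration and are not the kernel's defaults.

```python
"""Model of a masquerading (NAT) firewall's connection table.

Illustrative only: written for this thread, not taken from ipchains.
Entries are keyed by the connection 4-tuple, refreshed by every packet
that matches, and dropped when idle at least the per-protocol timeout:
`tcp` for established TCP, `tcpfin` once a FIN has been seen, `udp` for UDP.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Key = Tuple[str, int, str, int]   # (src addr, src port, dst addr, dst port)


@dataclass
class MasqTimeouts:
    tcp: int = 900       # idle seconds before an established TCP entry is dropped (assumed value)
    tcpfin: int = 120    # idle seconds once a FIN has been seen (assumed value)
    udp: int = 300       # idle seconds for a UDP "connection" (assumed value)

    def set(self, tcp: int, tcpfin: int, udp: int) -> None:
        """Same contract as `ipchains -M -S tcp tcpfin udp`: a 0 keeps the current value."""
        if tcp:
            self.tcp = tcp
        if tcpfin:
            self.tcpfin = tcpfin
        if udp:
            self.udp = udp


@dataclass
class Entry:
    proto: str           # "tcp" or "udp"
    last_seen: float     # timestamp of the most recent matching packet
    fin_seen: bool = False


class MasqTable:
    def __init__(self, timeouts: MasqTimeouts) -> None:
        self.timeouts = timeouts
        self.entries: Dict[Key, Entry] = {}

    def _timeout_for(self, e: Entry) -> int:
        if e.proto == "udp":
            return self.timeouts.udp
        return self.timeouts.tcpfin if e.fin_seen else self.timeouts.tcp

    def expire(self, now: float) -> None:
        """Drop every entry that has been idle at least its timeout."""
        dead = [k for k, e in self.entries.items()
                if now - e.last_seen >= self._timeout_for(e)]
        for k in dead:
            del self.entries[k]

    def packet(self, key: Key, proto: str, now: float, fin: bool = False) -> None:
        """A packet matching `key` creates or refreshes its entry; a FIN moves it to the tcpfin timer."""
        self.expire(now)
        e = self.entries.setdefault(key, Entry(proto, now))
        e.last_seen = now
        if fin:
            e.fin_seen = True

    def alive(self, key: Key, now: float) -> bool:
        self.expire(now)
        return key in self.entries


# Constructed sample connection: workstation behind the firewall -> home sshd on 2200.
SSH_KEY: Key = ("10.0.0.5", 40000, "192.0.2.10", 2200)


def idle_session_survives(idle_seconds: int, tcp_timeout: int,
                          keepalive_interval: Optional[int] = None) -> bool:
    """Does an SSH session idle for `idle_seconds` still have its masquerade entry?

    With `keepalive_interval`, one packet is sent every that many seconds during
    the idle period (what a keepalive does). Without it only the first packet exists.
    """
    table = MasqTable(MasqTimeouts(tcp=tcp_timeout))
    table.packet(SSH_KEY, "tcp", 0.0)
    if keepalive_interval:
        for t in range(keepalive_interval, idle_seconds, keepalive_interval):
            table.packet(SSH_KEY, "tcp", float(t))
    return table.alive(SSH_KEY, float(idle_seconds))


def fin_shortens_lifetime(tcp_timeout: int, tcpfin_timeout: int, idle_after_fin: int) -> bool:
    """After a FIN the shorter tcpfin timer applies, so a half-closed connection is forgotten sooner."""
    table = MasqTable(MasqTimeouts(tcp=tcp_timeout, tcpfin=tcpfin_timeout))
    table.packet(SSH_KEY, "tcp", 0.0)
    table.packet(SSH_KEY, "tcp", 1.0, fin=True)
    return table.alive(SSH_KEY, 1.0 + idle_after_fin)


if __name__ == "__main__":
    print("30 min idle, 15 min table timeout, no keepalive :", idle_session_survives(1800, 900))
    print("30 min idle, 1 h table timeout, no keepalive    :", idle_session_survives(1800, 3600))
    print("30 min idle, 15 min timeout, keepalive every 5m :", idle_session_survives(1800, 900, 300))
```

Running it prints the three idle scenarios: with a 15-minute table timeout a 30-minute idle session is gone, raising the timeout to an hour keeps it, and so does a keepalive sent every 5 minutes. A keepalive only helps if its period is shorter than the table timeout; Linux's default TCP keepalive time (net.ipv4.tcp_keepalive_time) is 7200 seconds, so enabling protocol keepalives at that default does nothing against a shorter masquerade timeout, which leaves raising the timeout, as the reply suggests, or sending keepalives more often.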