Topic: SSH on Green Interface
euser
« on: Tuesday 13 October 2009, 05:52:50 am »

EFW gurus, need your help...
I would like to find out how to enable SSH access from internal network only (green interface).
If I go to Firewall - System Access and create a rule for SSH access such as - <ANY>     GREEN     TCP/22      ALLOW      Service (SSH) - it doesn't work unless System - SSH Access - Enable Secure Shell Access is turned on. The problem is that I don't want SSH to be turned on Red interface at all.
Any suggestions?
Thanks in advance :)
StephanSch
« Reply #1 on: Tuesday 13 October 2009, 06:02:52 am »

If you don't create a firewall rule for RED you cannot access SSH on RED.
euser
« Reply #2 on: Tuesday 13 October 2009, 07:18:35 am »

Thanks for answering so quickly!
I don't have any rules under System Access for Red zone. I only have a rule for SSH access <ANY>     GREEN     TCP/22      ALLOW.
SSH doesn't work for any zones unless System - SSH Access - Enable Secure Shell Access is turned on. When it's turned on I CAN access my EFW via SSH with public IP - not good in my case...
Any additional thoughts??
danodemano
« Reply #3 on: Tuesday 13 October 2009, 09:54:34 am »

Not that this is a huge help...but doesn't SSH require TCP AND UDP (This was always my understanding....for what little it's worth)?  I have mine working just fine and it is not accessible from the outside....though I forward port 22 through to my Linux system on the other side so that may be part of it.  What's funny is that I have NO system rule at all for SSH and my internal network and it works without a problem.  I do have a rule to allow IP from the subnet where I work (permanent end-to-end VPN tunnel) and it works just fine:
10.37.56.0/22     <ANY>     TCP+UDP/22      ALLOW      Allow SSH from Conelec subnet
euser
« Reply #4 on: Friday 16 October 2009, 02:59:08 am »

Thank you all. Problem is resolved.