SSH nat-forwarded

Lowell Gilbert freebsd-questions-local at
Tue May 13 19:34:43 PDT 2003

Niklas Saers Mailinglistaccount <niklasmls at> writes:

> Hi,
> I've got a firewall that forwards ports to SSH-ports on boxes it protects.
> This has been good for all 4-STABLE boxes, but I've recently put up a
> CURRENT box. I can SSH to the firewall and from the firewall to the
> CURRENT box, but I do not get a proper connection when having it forwarded
> through the firewall.
> Let's say my external box 'ext' is on, my firewall 'fw' is on
> and my internal CURRENT-box on
> 'fw' masquerades using
> "/sbin/natd -interface fxp0 -redirect_port 5051"
> and "firewall":
>  ipfw add divert 8668 ip from any to any via fxp0
>  ipfw add allow ip from any to any
> from 'fw' "telnet 22" gives the classic "SSH-1.99"-etc
> while from 'ext' "telnet 5051" gives no greeting at all. It
> listens and terminates the connection after a short while.
> Any suggestions as to why ssh doesn't connect correctly? I've forwarded other
> ports to other services on the same box and it works flawlessly. Thus I
> suspect that 'sshd' understands I've forwarded this connection and doesn't
> like it the least bit. Can I turn off this hypersensitivity?

Actually, it sounds more like the packets are getting dropped inside
somewhere.  Check the traffic on the inside link to see.

[Are you sure you can do without the "tcp" specifier right after the
"-redirect_port" option?]
