Hi,
Thank you. You put me on the right path and it definitely helped. Yes, I was just trying a simple ping and then ssh from an offsite machine. After digging through the firewall debug logs, what was holding it up was that from the offsite machine the outbound port was 7100 or so to inbound 22 on ssh. Well, outbound tcp,22 was enabled in FW_MASQ_NETS for the DMZ but not ranges in the 7100 area. It couldn't reply to the ssh because the firewall was dropping it. Once I opened up the outbound reply ports, it worked. I didn't realize that ssh worked on high outbound directed at port 22. Looks like more reading ahead.
--> The SSH server is listening at port 22. The SSH client is starting a connection from a port >1023 to port 22 of the server. The actual port number used by the client depends on the SSH client. Don't rely on it being in the 7100 range, it could as well be 1025 or 25473 (or any other number > 1023).

Good luck!
Armin
--
Am Hasenberg 26 office: Institut für Atmosphärenphysik D-18209 Bad Doberan Schloss-Straße 6 Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50
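The port behaviour discussed in this thread, as an added example that is not part of either message: it observes the source ports the OS hands to TCP clients on loopback, then shows why a rule matching only destination port 22 drops the server's replies. The filter functions are a simplified model (an assumption, not SuSEfirewall2's rule engine), the addresses are constructed documentation-range samples, and the connection-tracking variant goes beyond what the thread covers.

```python
import socket

def observe_client_ports(n=3):
    """Open n loopback TCP connections; return (server_port, client source ports)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # stand-in for sshd on port 22 (avoids needing root)
    srv.listen(n)
    server_port = srv.getsockname()[1]
    clients, ports = [], []
    for _ in range(n):
        c = socket.create_connection(("127.0.0.1", server_port))
        clients.append(c)        # keep open so the OS cannot reuse the port
        ports.append(c.getsockname()[1])
    for c in clients:
        c.close()
    srv.close()
    return server_port, ports

def reply_of(pkt):
    """A reply swaps addresses and ports: it leaves from 22 towards the client port."""
    return {"src": pkt["dst"], "sport": pkt["dport"],
            "dst": pkt["src"], "dport": pkt["sport"]}

def stateless_allows(pkt, allowed_dst_ports):
    """Hypothetical rule that matches only on destination port, like 'tcp,22'."""
    return pkt["dport"] in allowed_dst_ports

def stateful_allows(pkt, allowed_dst_ports, tracked):
    """Same rule, plus replies belonging to a connection the filter already saw."""
    flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    reverse = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
    if reverse in tracked:
        return True
    if pkt["dport"] in allowed_dst_ports:
        tracked.add(flow)
        return True
    return False

if __name__ == "__main__":
    print("client source ports:", observe_client_ports()[1])
    # Constructed sample packet: offsite client (port 7100) to DMZ host port 22.
    syn = {"src": "203.0.113.5", "sport": 7100, "dst": "192.0.2.10", "dport": 22}
    rep = reply_of(syn)
    print("stateless: request", stateless_allows(syn, {22}),
          "reply", stateless_allows(rep, {22}))
    seen = set()
    print("stateful:  request", stateful_allows(syn, {22}, seen),
          "reply", stateful_allows(rep, {22}, seen))
```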