Re: [suse-security] ssh through firewall

On Wed, 28 Jun 2000, MSchoeling@cvs.de wrote:

> Hi everyone,
>
> we are using SuSE 6.3 and want to configure our firewall using ipchains.
>
> a) How can we let ssh pass through, while ssh is using port 22 plus some
>    "changing ports", i.e. sometimes port 1020, another time port 1023 and so on?
> b) How has the firewall to be configured when we want to use TeraTerm-ssh,
>    which uses port 22 and ports somewhere around 63500?
>
> I couldn't find anything about it, neither in ssh-docs nor in ipchains-docs.
>
> Thanx,
> Marco Schoeling
>
> ---
> Marco Schoeling, CVS GmbH, Otto-Lilienthal-Str. 10, 28199 Bremen
> Fon +49-421-35017-0 - Fax +49-421-35017-710

Hi,

you can try this:

EXTERNAL_INTERFACE="eth0"      # whichever you use
LOOPBACK_INTERFACE="lo"
ANYWHERE="any/0"
UNPRIVPORTS="1024:65535"
IPADDR="your IP address"

# SSH starts at 1023 and works down to 513 for
# each additional simultaneous incoming connection.
SSH_PORTS="1022:1023"          # range for SSH privileged ports

# SSH server (22)
# ---------------
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE $UNPRIVPORTS -d $IPADDR 22 -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y -s $IPADDR 22 -d $ANYWHERE $UNPRIVPORTS -j ACCEPT
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE $SSH_PORTS -d $IPADDR 22 -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y -s $IPADDR 22 -d $ANYWHERE $SSH_PORTS -j ACCEPT

# SSH client (22)
# ---------------
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y -s $ANYWHERE 22 -d $IPADDR $UNPRIVPORTS -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -s $IPADDR $UNPRIVPORTS -d $ANYWHERE 22 -j ACCEPT
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y -s $ANYWHERE 22 -d $IPADDR $SSH_PORTS -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -s $IPADDR $SSH_PORTS -d $ANYWHERE 22 -j ACCEPT

I don't know for the Windows client, but I think it uses the same unprivate ports as the ssh client. It should work.

Lionel Bargeot

--
Information Géographique
CNERTA
26 bvd Dr Petitjean
21000 DIJON
Tel.: 03.80.77.28.49
http://www.cnerta.educagri.fr/infogeo/
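Added example (not part of the original message): a small shell model of the port and SYN-flag conditions in the rules above, so candidate connections can be checked against them without loading ipchains. The function names and sample packets are constructed; address and interface matching is left out, and "no match" only means the packet falls through to rules or a chain policy that the message does not show.

```shell
#!/bin/sh
# Port ranges copied from the reply above.
UNPRIVPORTS="1024:65535"
SSH_PORTS="1022:1023"

# in_range PORT LOW:HIGH -> succeeds when PORT lies inside the range.
in_range() {
    lo=${2%%:*}
    hi=${2##*:}
    [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]
}

# matches SPORT DPORT SYN -> succeeds when one of the posted rules accepts
# a TCP packet with these ports. SYN is 1 for a connection-opening packet
# (what "-y" matches) and 0 otherwise. The input and output chains carry the
# same two port/flag conditions, so one function (hypothetical helper)
# covers both chains:
#   any flags : source port in range, destination port 22
#   "! -y"    : source port 22, destination port in range, SYN clear
matches() {
    for range in "$UNPRIVPORTS" "$SSH_PORTS"; do
        if in_range "$1" "$range" && [ "$2" -eq 22 ]; then
            return 0
        fi
        if [ "$1" -eq 22 ] && in_range "$2" "$range" && [ "$3" -eq 0 ]; then
            return 0
        fi
    done
    return 1
}

# Constructed sample packets: source port, destination port, SYN flag, note.
while read -r sport dport syn note; do
    if matches "$sport" "$dport" "$syn"; then
        verdict="ACCEPT"
    else
        verdict="no match"
    fi
    printf '%-5s -> %-5s syn=%s  %-8s  %s\n' \
        "$sport" "$dport" "$syn" "$verdict" "$note"
done <<'EOF'
63500 22 1 high client port, as in the TeraTerm question
1023 22 1 privileged client port inside SSH_PORTS
1020 22 1 privileged client port below SSH_PORTS
22 40000 0 reply packet coming from port 22
22 40000 1 new connection opened from source port 22
EOF
```

The last sample row shows what "! -y" buys: a peer cannot open a new connection to a high port just by choosing 22 as its source port.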