On Sat, 17 May 2003, Tom Lane wrote:
> "Nigel J. Andrews" <nandrews@investsystems.co.uk> writes:
> > This evening I try again and as before get no where. However, I then go into
> > the firewall setup and disable one particular rule that opens all remote
> > hosts/ports for a particular service. [ and then things worked ]
>
> Ooh, been there done that...
>
> I'd suggest watching the traffic with tcpdump or some such tool. I'll
> bet there are transactions going on between ports that you didn't think
> you needed to open.
It's a toss up; do I reply to this email or the one with the subject "loverly
russian brides"? Oh, what the heck, I'll do this one.
I probably wasn't clear. The rule was a _permit_ from localhost to any remote
host/port for something that looked like a core Windows service. I never saw
the network traffic (with tcpdump of course) for the port forwarding until I
disabled that permit rule, thereby actually tightening the firewall.
Sure I got a firewall prompt for the initial ssh connection to the remote
system without the rule but that was expected.
Anyway, I'm thinking of just adding a little bit to the docs in the ssh
tunneling section since there's very little to add past the company's own
documentation and common sense. Is it acceptable to put such specific
product notes in there?
--
Nigel J. Andrews
