Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
SSH
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
SSH - 12.Aug.2005 6:06:00 PM
|
|
|
Chuck Cox
Posts: 14
Joined: 25.May2005
From: Seattle, WA
Status: offline
|
I have a Unix server behind the SBS server that has ISA and I'd like to be able to connect to the Unix box using SSH from the web, is this possible?
The Unix box has a static privite ip address and I can telnet into it fine from inside the network. Prior to setting up the SBS network I was able to connect with SSH externally without any problems.
Thanks in advance for any guidance.
Chuck
|
|
|
|
RE: SSH - 15.Aug.2005 7:14:00 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Chuck,
Create a Server Publishing Rule.
1. Create a Protocol Definition for TCP 22 Inbound
2. Create a Server Publishing Rule using that rule
HTH,
Tom
|
|
|
|
RE: SSH - 24.Aug.2005 11:45:00 PM
|
|
|
Chuck Cox
Posts: 14
Joined: 25.May2005
From: Seattle, WA
Status: offline
|
Tom,
Following your advice and the steps outlined in your book I tried setting up the publishing rule and the protocol. It doesn't work. This is what I've done:
router has a public IP which is Natted to the private IP of the SBS external nic. I've allowed the ssh port to go to the SBS box (external nic), Ive set the publishing rule to listen on external and direct to the private IP of the Unix box that I want to be able to access. Whenever I try to SSH to the Unix server it just times out?
One other note, I'm using a terminal emultion program called TinyTerm by Century software to create the connection from a windows box on the outside of the network. This worked fine when all I used was the router to nat to the peer to peer network that was setup prior to the SBS install. The program also works flawlessly from inside the network.
Any suggestions and or advice will be greatly appreciated.
Chuck
|
|
|
|
|
RE: SSH - 25.Aug.2005 12:10:00 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Chuck,
It definitely will work with the ISA firewall then. Its just a matter of figuring out where the traffic stops.
Is the server a SecureNAT client?
Thanks!
Tom
|
|
|
|
|
RE: SSH - 25.Aug.2005 2:02:00 PM
|
|
|
Chuck Cox
Posts: 14
Joined: 25.May2005
From: Seattle, WA
Status: offline
|
Tom,
I just checked sessions in the ISA control panel on the SBS box and it shows the unix box as running secure nat.
One other note from inside the network I'm telneting into the unix server using the emulation program not SSH.
Thanks again,
Chuck
|
|
|
|
|
RE: SSH - 26.Aug.2005 9:26:00 AM
|
|
|
Chuck Cox
Posts: 14
Joined: 25.May2005
From: Seattle, WA
Status: offline
|
One more thing. I connected successfully using SSH from within the network yesterday afternoon. Still no luck connecting from outside though.
Chuck
|
|
|
|
|
RE: SSH - 31.Aug.2005 9:19:00 PM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Chuck,
Do you have a network diagram that could give me a better idea of your configuration?
Thanks!
Tom
|
|
|
|
|
RE: SSH - 2.Sep.2005 8:48:00 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Chuck,
OK, got the diagram and its a simple setup, so no problems there.
Are the connections making it to the ISA firewall?
Can you post the relavent log entries?
Thanks!
Tom
|
|
|
|
|
RE: SSH - 14.Sep.2005 4:55:00 AM
|
|
|
Guest
|
Hi
I published SSH on ISA 2004. But I have small problem. If I check "Requests apper to come from the ISA Server" everything works fine. But with option "Requests apper to come from original client" the rule fails.
Some advices ?
rgds
Sebastian Popek
popeks@balticwrecks.com
|
|
|
|
|
RE: SSH - 14.Sep.2005 7:34:00 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Sebastian,
If you want to preserve the client IP address, then you will need to make sure the SSH server is a SecureNAT client and that it doesn't require source IP addresses to be limited to internal addresses.
HTH,
Tom
|
|
|
|
|
RE: SSH - 16.Sep.2005 5:53:00 AM
|
|
|
Guest
|
Hi
Thank you. Now, everthing works well.
Sebastian
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
