ssh on different port = timeout

Hello,

I have a problem using the feature:
Dns Functions & Edit a DNS Zone

Everytime I run this function the ssh session times out trying to connect to my other name server.

Here is why -
I have my accounting/admin/primaryns server running ssh on a different port for security, so when I run the Edit a DNS Zone it trys to ssh to port 22 and times out. I am able to change most of all of the scripts but the &cpanel/whostmgr/bin/whostmgr& file is a binary and doesn't like to be edited....

I know it is not running on the right port because when I ps -ef this is what I get:

root 12869 12868 0 02:47 ? 00:00:00 ssh -o Protocol 1,2 -q 64.79.167.6 ls /var/named & /root/.sshtmp

and my logs say:

Jun 28 02:58:15 web1 stunnel[12962]: 127.0.0.1.2086 connected from 207.227.102.11:64636
Jun 28 02:51:32 web1 proftpd[12836]: web1.britehost.com (localhost[127.0.0.1]) - FTP login timed out, disconnected. Jun 28 02:59:52
Jun 28 02:54:27 web1 stunnel[12861]: Connection closed: 4584 bytes sent to SSL, 459 bytes sent to socket

Any tips on how I can get through this problem?

Thanks,

Paul

 

Thanks

I just used port forwarding using iptables... and it works like a charm!! Thanks,

Paul

 

WHM is on box1 which is 1.1.1.1
Primary DNS Server is on box 2 which is 2.2.2.2 and also has ssh on a odd port.

In my Firewall using IPtables I inserted the following lines (of course with my real IP's and SSH ports).

#Here is the table that will only accept a connections to port 22 from the ip 1.1.1.1
/usr/sbin/iptables -I INPUT -j ACCEPT -p tcp -s 1.1.1.1 -d 2.2.2.2 --dport 22 -i eth1

#Here we will forward the connections from 1.1.1.1 to another port (44).
/usr/sbin/iptables -A PREROUTING -t nat -p tcp -d 2.2.2.2 --dport 22 -j DNAT --to 2.2.2.2:44


The alternate/hidden ssh port is 44. Now my firewall is set up to forward the ssh connection from 22 if the ip 1.1.1.1 is making the request.

Hope this helps,

Paulblo

 

Well all I use is iptables. It is a packet filtering option within the linux kernal. To get a better idea of what it does and how I would suggest going to http://netfilter.samba.org/ and http://www.linuxguruz.org/iptables/howto/iptables-HOWTO.html .

To sum it up.. it is a program that allows you to filter packets (traffic/data) by protocal, source, destination, port and so on.

Every box weather it is behind a hardware firewall or not should be running either ipchains or iptables or something simular to it to close unused ports and control basic traffic flow.

Hope this helps!

 

Yes and no.

I would create a seperate file and put it in the /etc/rc.d/ directory and add a line in your /rc.local to run it at bootup. The lines I showed you were only two lines, most iptables firewalls include at least 10-50 lines of tables.

That way it is clean and seperate.

If you are going to play around with it I would suggest you leave a back door so you can get back in if it bloacks you out. I learned the hard way and had to call my ISP to have them reboot my box once. I 'll necer do that again

Paulblo