[ILUG] Smoothwall port forwarding oddity

Niall O Broin niall at linux.ie
Wed Jul 28 09:46:41 IST 2004


I manage (mostly remotely) an office which has for connectivity a shared 
leased line (provided by another firm in the building) and a DSL line (both 
as backup and because we pay for usage on the LL).

There's a smoothwall box on the DSL which has a number of SNAT rules set up so 
that various people who don't work in the office can connect to various 
machines in the office with assorted protocols. After too long spent typing

ssh -p PORT hostname.dsl

I this morning set up a bunch of entries in my .ssh/config like this

Host lpc1
	HostName hostname.dsl
	Port 2206
	HostKeyAlias lpc1.dsl

which work just nicely - mostly :-(


The exceptions are to a couple of boxes which are in the DMZ off the leased 
line. I can access them directly over the LL so it's not such a big deal, but 
when I try to access them over the forwarded ports on the smoothwall, I get:

ssh: connect to host hostname.dsl port 2208: Connection timed out

If I ssh to the smoothwall, I can from there ssh to the host to which 2208 is 
forwarded without any problems. I have double checked the config, and there 
are two hosts so affected, so a typo which I'm just not seeing seems 
unlikely. 

iptables -L portfwf  on the smoothwall shows:

.
.
.
ACCEPT tcp  --  anywhere             192.168.1.50       state NEW tcp dpt:ssh
ACCEPT tcp  --  anywhere             host1.domain.com   state NEW tcp dpt:ssh
ACCEPT tcp  --  anywhere             host2.domain.com   state NEW tcp dpt:ssh
.
.
.

host1 and host2 show there as names rather than IPs as the smoothwall can 
reverse them.

The only difference I can see is that host[12].domain.com are not on the same 
LAN as the smoothwall, so there is an intervening router but I don't see why 
that should matter.


-- 
Niall



