**** BEGIN LOGGING AT Mon Nov 30 02:59:58 2009
Nov 30 07:58:19 <Danicasti> Buongiorno!
**** BEGIN LOGGING AT Mon Nov 30 13:17:42 2009
Nov 30 20:29:00 <ciastek> what is a blessed way to change ssh port?
Nov 30 20:30:41 <blathijs> I think the port is hardcoded in the initscript or fonstated script
Nov 30 20:31:05 <blathijs> ciastek: Check /etc/fonstated/SSHRestart or something similar (perhaps it uses Dropbear) in the name
Nov 30 20:31:45 <ciastek> blathijs: yes, it is in lua script /etc/fonstated/RestartSSH and yes, it uses dropbear
Nov 30 20:32:19 <ciastek> blathijs: a should feel no fear with changing dropbear's port in this script? :)
Nov 30 20:32:48 <blathijs> ciastek: You probably also need to change it in /etc/config/services, so the firewall knows about it
Nov 30 20:33:09 <blathijs> ideally, the RestartSSH script should just read the port from /etc/config/services, but that's not the case right now IIRC
Nov 30 20:33:36 <blathijs> (Though the firewall stuff is only for SSH from WAN AFAIK)
Nov 30 20:34:04 <ciastek> i need to change ssh port to access it from wan
Nov 30 20:34:15 <ciastek> maybe there is beeter way to do this? using iptables?
Nov 30 20:35:19 <blathijs> Hmm, Somebody mentioned a redirect a while back, yes
Nov 30 20:35:30 <blathijs> Which also leaves the original 22 port working
Nov 30 20:36:04 <blathijs> 22:16 < xMff> fyi, iptables -t nat -I PREROUTING -i eth0.1 -p tcp --dport 22 -j REDIRECT --to-ports 443 has a similar effect
Nov 30 20:36:13 <blathijs> 22:17 < xMff> you might also need:  iptables -I INPUT -i eth0.1 -p tcp --dport 443 -j ACCEPT
Nov 30 20:36:37 <ciastek> blathijs: looks great
Nov 30 20:36:50 <blathijs> 22:22 < xMff> oh and I accidentally swapped the ports in the rule above, --dport must be 443 and --to-ports 22  obviously
Nov 30 20:36:55 <ciastek> i have taken a look at iptable -L, but number of chains is overhelming
Nov 30 20:37:11 <blathijs> Yeah, we should write a guide about the firewall somewhere :-)
Nov 30 20:37:27 <blathijs> ciastek: But you can drop those commands into /etc/fon.firewall IIRC
Nov 30 20:37:42 <ciastek> blathijs: a thought about rc.local :)
Nov 30 20:38:21 <ciastek> firewall.fon looks nice
Nov 30 20:38:57 <ciastek> blathijs: thanks a lot!
Nov 30 20:41:56 <blathijs> ciastek: Hmm, I have this thing with swapping components of filenames it seems :-p
Nov 30 20:49:16 <ciastek> it's rather lack of filenaming convention ;)
**** ENDING LOGGING AT Tue Dec 01 02:59:58 2009