What happens if you globally accept ssh without connection state checking? Something like:

# ssh (all interfaces)
iptables -A INPUT -s <allowed-network>/16 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -s <allowed-network>/16 -p udp -m state --state NEW -m udp --dport 22 -j ACCEPT

# forward (routing)
# accept what was already accepted
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# ssh
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A FORWARD -p udp -m state --state NEW -m udp --dport 22 -j ACCEPT

iptables -A INPUT -s <allowed-network>/16 -p tcp --dport 22 -j ACCEPT

Also, I would try adding some logging rules to see what the packets look like.
Hope this helps.

- Dave P.

--
Dave Parker
Utica College
Department of Integrated Information Technology Services
Data Processing Office
(315) 792-3229