[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: iptables rule for sshd

Dah.. :-) thanks for the help. You guys are life savers.

Also, after adding this it didn't work either. Then I realized that
since I was trying to ssh from the same machine, I need another rule for
the INPUT chain to ACCEPT every thing from the lo interface. Even though
I use 

>ssh -l <loginName> <IP>

It still uses the lo 127.0.0.1 for connecting to sshd.

So now I am able to ssh from the local machine. Thanks to all you folks.


However, when I try to connect from the Internet using ssh, it just
disconnects me. Why is that? When I try to connect, I even see that the
packet count for ssh rule in the INPUT chain gets an increase of four
packets. Are there other thing I need to look into like host.allow and
stuff? I can ping the machine from the internet because I have a
firewall rule for icmp-type echo-reply. Any ideas why it doesn't like
ssh connections, even after having the ssh ACCEPT rule. 

Also, since I am new, I am having lots of problems in guessing what
packets are coming in and what rules need to be added. Is there a GOOD
way to analyze the packets traversing through my interfaces? I know that
I can add the -j LOG rule, but that is too hard to read, or perhaps is
there a better way to analyze these logs?

Thanks in advance.

Regards,

Nabil.


-----Original Message-----
From: Didar Hussain [mailto:didar@uics-india.com] 
Sent: Sunday, August 01, 2004 8:54 PM
To: debian-user@lists.debian.org
Subject: Re: iptables rule for sshd

On Sun, Aug 01, 2004 at 08:29:52PM +0300, NabilM@kuveytturk.com.tr
wrote:
> Iptables -A INPUT -p tcp -sport ssh -j ACCEPT
> 

Try:

iptables -A INPUT -p tcp --dport ssh -j ACCEPT

Didar



DISCLAIMER:
Bu elektronik posta ve ekleri, sadece yukarida ismi yazili alicinin dikkatine gonderilmistir. Mesajin muhatabi degilseniz, icerigini ve varsa ekindeki dosyalari kimseye aktarmayiniz ya da kopyalamayiniz. Boyle bir durumda gondereni uyarip, mesaji imha ediniz. KUVEYT TURK E.F.K. A.S bu e-postanin ve eklerinin icerdigi bilgilerin size degisiklige ugrayarak ulasmasindan veya gec ulasmasindan, butunlugunun ve gizliliginin korunamamasindan veya icerigine guvenilerek yapilacak islemlerden dolayi sorumlu tutulamaz.
This e-mail & its content have been sent to the attention of the receiver named above. If you are not the intended recipient (or have received this e-mail in error), Please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Kuwait Turkish Evkaf Finance House shall not be held liable for the arrival of this e-mail & its content as modified or late, the protection of integrity and secrecy and shall not be liable to any person who acts or omits to do anything in reliance upon it.
Reply to: