RE: iptables rule for sshd
Dah.. :-) thanks for the help. You guys are life savers.
Also, after adding this it didn't work either. Then I realized that
since I was trying to ssh from the same machine, I need another rule for
the INPUT chain to ACCEPT everything from the lo interface. Even though
>ssh -l <loginName> <IP>
It still uses the lo 127.0.0.1 for connecting to sshd.
So now I am able to ssh from the local machine. Thanks to all you folks.
However, when I try to connect from the Internet using ssh, it just
disconnects me. Why is that? When I try to connect, I even see that the
packet count for ssh rule in the INPUT chain gets an increase of four
packets. Are there other things I need to look into like host.allow and
stuff? I can ping the machine from the internet because I have a
firewall rule for icmp-type echo-reply. Any ideas why it doesn't like
ssh connections, even after having the ssh ACCEPT rule.
Also, since I am new, I am having lots of problems in guessing what
packets are coming in and what rules need to be added. Is there a GOOD
way to analyze the packets traversing through my interfaces? I know that
I can add the -j LOG rule, but that is too hard to read, or perhaps is
there a better way to analyze these logs?
Thanks in advance.
From: Didar Hussain [mailto:email@example.com]
Sent: Sunday, August 01, 2004 8:54 PM
Subject: Re: iptables rule for sshd
On Sun, Aug 01, 2004 at 08:29:52PM +0300, NabilM@kuveytturk.com.tr
> Iptables -A INPUT -p tcp -sport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
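
For the question above about reading `-j LOG` output, the following is an added example and not part of the original thread: a small Python summarizer that groups netfilter LOG lines by incoming interface, source, protocol, destination port (or ICMP type) and TCP flags. The sample log lines are constructed, shortened (no MAC field) and use documentation address ranges.

```python
import re
from collections import Counter

# Constructed sample: four netfilter LOG lines and one unrelated syslog line.
SAMPLE = """\
Aug  1 21:02:11 host kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4242 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  1 21:02:14 host kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4243 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  1 21:02:15 host kernel: IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TTL=64 ID=77 DF PROTO=TCP SPT=33010 DPT=22 WINDOW=32767 RES=0x00 SYN URGP=0
Aug  1 21:02:16 host kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TTL=50 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Aug  1 21:02:20 host sshd[311]: Server listening on 0.0.0.0 port 22.
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Return the fields of one LOG line as a dict, or None for other lines."""
    m = re.search(r"\bIN=", line)
    if m is None:
        return None
    fields, flags = {}, []
    # Only look at the part written by the LOG target, not the syslog header.
    for tok in line[m.start():].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:
            flags.append(tok)
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    fields["FLAGS"] = ",".join(flags)
    return fields

def summarize(text):
    """Count packets by (interface, source, protocol, port or ICMP type, flags)."""
    counts = Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        what = f.get("DPT") or ("type " + f["TYPE"] if "TYPE" in f else "-")
        counts[(f["IN"], f["SRC"], f["PROTO"], what, f["FLAGS"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  in={key[0]:5s} src={key[1]:15s} {key[2]:4s} {key[3]:7s} {key[4]}")
```

The `IN=` column makes the loopback case from the message visible at a glance: a local `ssh` to the machine's own address shows up with `IN=lo`, not the external interface.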