Problem with debian sarge, iptables & state

To: Debian Firewall list <debian-firewall@lists.debian.org>
Subject: Problem with debian sarge, iptables & state
From: Lars Schimmer <l.schimmer@cgv.tugraz.at>
Date: Mon, 19 Dec 2005 20:12:58 +0100
Message-id: <[🔎] 43A7063A.20702@cgv.tugraz.at>

Hi!

I copied a iptables config from a friend over to my router:
($IPT = /sbin/iptables)

$IPT -A FORWARD -s ! 111.22.22.128/25 -p tcp --dport 22 -m state --stateNEW -m recent --set$IPT -A FORWARD -p tcp --dport 22 -m state --state NEW -m recent--update --seconds 300 --hitcount 10 -j DROP

$IPT -A FORWARD -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
$IPT -A FORWARD -p tcp -d 111.22.22.128/25 --dport 22 -j REJECT

But it doesn't do the trick, ssh is blocked at all.

On a machine with a 2.6.14 self built kernel (network options nottouched at all), that works local (with the INPUT chain, not the forwardchain).

Is the forward chain the problem here?

Cya
Lars
--
-------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel.: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
PGP-Key-ID: 0xB87A0E03

Reply to:

Follow-Ups:
- Re: Problem with debian sarge, iptables & state
  - From: Phil Dyer <phil@dyermaker.org>

Prev by Date: Flawless Soft Tabs Experts lz
Next by Date: Re: Problem with debian sarge, iptables & state
Previous by thread: Flawless Soft Tabs Experts lz
Next by thread: Re: Problem with debian sarge, iptables & state
Index(es):
- Date
- Thread