Re: SSH port 22 is invisible from the internet!! :(
On Mon, Apr 09, 2007 at 08:56:40PM +0200, Jochen Schulz wrote:
> Hm, weird setup. So you get a non-public IP address on eth0 via DHCP and
> a "static" public address for ppp0?
Exactly!
> > I do:
> > $ sudo tcpdump -vv -i ppp0 "port 22"
> > tcpdump: listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
> >
> > so if you could, please try to connect with ssh to my system!
>
> Done (twice). Got a timeout again.
Sorry, I exited tcpdump, but now I'm running it again!
> If you can see either both incoming and outgoing packets or no packets
> at all, your setup is fine and someone else is dropping them. If you see
> only incoming packets, it's your fault.
Could you try to log in again, please?
> In any case, I would now try to let sshd listen on another port that is
> probably not filtered (like 443).
Done:
sshd_config: Port 443
iptables script: -A block -i ppp0 -p tcp --dport 443 -j ACCEPT
But if I run iptables -L, then I can't see the opened port 443! Why?
Chain block (2 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     udp  --  anywhere             anywhere            udp dpt:sip
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:sip
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1720
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:rplay
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:6680:6699
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1234
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:9433
ACCEPT     0    --  anywhere             anywhere            state NEW
DROP       0    --  anywhere             anywhere
> You should definitely remove that test user *now*. To debug connection
Done.
--
Regards, Paul Csányi
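
The rule quoted in the message above (both directions or no packets at all means someone else is dropping them, only incoming packets means the local setup is at fault), as an added example that is not part of the original message. It assumes `tcpdump -n` style lines; the addresses, the capture lines and the `classify` helper are constructed for illustration.

```python
import re

# Address part of a `tcpdump -n` IPv4 line: "IP src.port > dst.port:"
LINE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def classify(lines, local_ip, port):
    """Count packets to/from local_ip:port and apply the quoted rule."""
    incoming = outgoing = 0
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # tcpdump banner, ARP, IPv6, ...
        src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
        if dst == local_ip and dport == port:
            incoming += 1
        elif src == local_ip and sport == port:
            outgoing += 1
    if incoming and not outgoing:
        verdict = "local"      # requests arrive, host never answers
    elif outgoing and not incoming:
        verdict = "unclear"    # case the quoted rule does not cover
    else:
        verdict = "upstream"   # both directions seen, or nothing arrives
    return incoming, outgoing, verdict

# Constructed sample captures (documentation address ranges).
LOCAL_IP = "198.51.100.7"
BANNER = "tcpdump: listening on ppp0, link-type LINUX_SLL (Linux cooked)"
SYN = "20:58:0%d.000001 IP 203.0.113.5.51234 > 198.51.100.7.22: Flags [S], length 0"
SYNACK = "20:58:01.000200 IP 198.51.100.7.22 > 203.0.113.5.51234: Flags [S.], length 0"
ACK = "20:58:01.040000 IP 203.0.113.5.51234 > 198.51.100.7.22: Flags [.], length 0"

ONLY_INCOMING = [BANNER] + [SYN % i for i in (1, 4, 9)]   # retransmitted SYNs
BOTH_DIRECTIONS = [BANNER, SYN % 1, SYNACK, ACK]
NOTHING = [BANNER]

if __name__ == "__main__":
    for name, cap in [("only incoming", ONLY_INCOMING),
                      ("both directions", BOTH_DIRECTIONS),
                      ("nothing", NOTHING)]:
        print(name, classify(cap, LOCAL_IP, 22))
```

After moving sshd to another port, pass that port number instead of 22 and capture with a matching filter.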