[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unable to ssh to Debian 9 from 9 or 11

On Sun, 16 Jul 2023, tomas@tuxteam.de wrote:


On Sun, Jul 16, 2023 at 09:39:35AM +0200, Roger Price wrote:
I tried to clear out the existing firewall on a Debian 9 machine with the commands 

This would be a good time to try ssh :-)



But before chasing that culprit it'd be nice to know we are
barking up the right tree: can you ssh after flushing the
firewalls and /before/ rebooting?


On a Debian 9 machine I typed the commands

  iptables -F
  iptables -X
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT

and then _immediately_ attempted to ssh from Debian 11 to that Debian 9 machine.

rprice@titan ~ ssh rprice@kananga
rprice@kananga's password:
Linux kananga 4.9.0-4-686 #1 SMP Debian 4.9.65-3+deb9u1 (2017-12-23) i686
...

Success! I can ssh 11->9 after flushing the firewall and before rebooting.
I do not know what firewall management tool is in use. The first 4 lines shown by iptables -L were 

 Chain INPUT (policy DROP)
 num  target  prot opt source     destination
 1    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0                     /* "main[2993]-set_basic_rules[971]" */
 2    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0 ctstate ESTABLISHED /* "set_basic_rules[1028]-allow_basic_established[878]" */
 3    ACCEPT  icmp --  0.0.0.0/0  0.0.0.0/0 ctstate RELATED /* "set_basic_rules[1028]-allow_basic_established[892]" */

Does the style of comment give a clue to the tool used ?

Roger
Reply to: