Greetings,

Could someone help me? I don't really know why this doesn't work, but I can't ssh into my PC. So instead of turning IP tables off I have decided to learn them and downloaded a tutorial. However, if I can just get one working example, maybe I will then start understanding this.

[root@chadlap: iIpfilter]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@chadlap: iIpfilter]# iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
[root@chadlap: iIpfilter]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ssh

According to the tutorial this should work; according to me it most definitely is not!

--
Chadley Wilson
Production Line Supervisor
Pinnacle Micro
Manufacturers of Proline Computers
====================================
Exercise freedom, Use LINUX
=====================================

On Thursday 23 September 2004 5:10 am, Chadley Wilson wrote:
Could someone help me? I don't really know why this doesn't work, but I can't ssh into my PC. So instead of turning IP tables off I have decided to learn them and downloaded a tutorial. However, if I can just get one working example, maybe I will then start understanding this.
Hi,

There seems to be a little difference between the iptables command you seemed to use to enable incoming ssh and the output of "iptables -L". Here's the output of your INPUT chain with iptables -L:

ACCEPT tcp -- anywhere anywhere tcp spt:ssh

As you can see at the end, it says spt:ssh (source port ssh) where in fact you want dpt:ssh (destination port ssh). It seems you did this:

iptables -A INPUT -p tcp --sport 22 -j ACCEPT

Notice (sport) instead of (dport). Fix this (flush your input chain) by:

iptables -F INPUT

and then write the rule correctly. Make sure you have sshd running:

ps -ef | grep sshd

and try again :)

HTH,
Jorge

On Thursday 23 September 2004 11:10, Chadley Wilson wrote:
Could someone help me? I don't really know why this doesn't work, but I can't ssh into my PC. So instead of turning IP tables off
Oops, better first try without the firewall to be sure you really /can/ login with ssh.

Cheers,
Leen

On Thursday 23 September 2004 5:10 am, Chadley Wilson wrote:
Could someone help me? I don't really know why this doesn't work, but I can't ssh into my PC. So instead of turning IP tables off I have decided to learn them and downloaded a tutorial. However, if I can just get one working example, maybe I will then start understanding this.
I also noticed that your default policy for the INPUT chain is ACCEPT, so it shouldn't matter really the line you have... as it should ACCEPT the packets by default... but like Leendert suggests, better try first without using netfilter.

Jorge

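An added example, not part of the original thread: a small shell function that reads `iptables -L` text and reports, for each chain, the default policy and what traffic an `spt:`/`dpt:` match on the service actually covers, which makes both points from the two replies above visible at once. The function name `audit_listing`, the output labels, and the embedded listing (constructed from the one in the first message) are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample input: the `iptables -L` listing quoted in the first message.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ssh
EOF
}

# audit_listing SERVICE  (hypothetical helper)
# Reads `iptables -L` output on stdin. SERVICE is the port as the listing
# prints it: "ssh" for `iptables -L`, "22" for `iptables -L -n`.
# Prints "<chain> policy <policy>" per chain and, per matching rule,
# "<chain> <match> <what-it-covers>".
audit_listing() {
    awk -v svc="$1" '
    $1 == "Chain" {
        # e.g. "Chain INPUT (policy ACCEPT)": field 4 is "ACCEPT)"
        chain = $2; policy = $4; sub(/\)$/, "", policy)
        print chain " policy " policy
        next
    }
    NF == 0 || $1 == "target" { next }      # blank lines and column headers
    chain == "INPUT" || chain == "OUTPUT" {
        for (i = 1; i <= NF; i++) {
            # Packets sent to a server carry the service as destination port;
            # the replies of that server carry it as source port.
            if ($i == "dpt:" svc)
                print chain " dpt:" svc " " (chain == "INPUT" ? "inbound-to-local-server" : "outbound-to-remote-server")
            else if ($i == "spt:" svc)
                print chain " spt:" svc " " (chain == "INPUT" ? "replies-from-remote-server" : "replies-from-local-server")
        }
    }'
}

sample_listing | audit_listing ssh
```

On the sample, the INPUT rule is reported as covering only replies from remote ssh servers, and the INPUT policy is reported as ACCEPT, so that rule is not what decides whether inbound ssh gets through.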
On Thursday 23 September 2004 16:08, Jorge Fábregas wrote:
On Thursday 23 September 2004 5:10 am, Chadley Wilson wrote:
Could someone help me? I don't really know why this doesn't work, but I can't ssh into my PC. So instead of turning IP tables off I have decided to learn them and downloaded a tutorial. However, if I can just get one working example, maybe I will then start understanding this.
I also noticed that your default policy for the INPUT chain is ACCEPT so it shouldn't matter really the line you have...as it should ACCEPT the packets by default...but like Leendert suggests, better try first without using netfilter.
Jorge
You see why I use this list, you guys are good! :-}

OK, so I discover that when I restart sshd it fails. And why is a mystery; I have checked the logs, and nothing in there. If I start it from the command line it works and my filters work (I have been playing, of course). But I have now also gone over the sshd_config and ssh_config and compared them to a working copy on my other suse 9.1 Pro box. In this rare case please post some possible solutions; I will get them on Monday, as it is a long weekend in South Africa, and I will see you all then.

Have a good Friday and great weekend.

Thanks Guys

--
Chadley Wilson
Production Line Supervisor
Pinnacle Micro
Manufacturers of Proline Computers
====================================
Exercise freedom, Use LINUX
=====================================

participants (3)
- Chadley Wilson
- Jorge Fábregas
- Leendert Meyer