Hello list,

thanks for all the answers. Unfortunately, I still cannot find the solution. My sshd is running on port 10022. I verified this several times. If I open the firewall with the default policies set to ACCEPT and drop all my rules, I can connect to my server from outside without any problem. Therefore I can guess that I have some problem with the firewall and not with the sshd. I will cut the parts of my firewall with the drop rules and the kernel flags. Beneath the rules I will paste a short chunk from my logfile. Please, please help me. I am really desperate and running out of ideas.

Regards,
Ralf Schoenian

# Default policy.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

### ===========================================================
### Variables
IFACE="ppp0"
IFACE2="vmnet1"
IFACE3="eth0"
BROADCAST="192.168.1.255"
LOOPBACK="127.0.0.0/8"
CLASS_C="192.168.0.0/16"
UP_PORTS="1024:65535"
#UP_PORTS="1:65535"

### ============================================================
### We do not respond to pings.
/bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
### We do not want to respond to broadcasts either.
/bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
### Source routed packets are not accepted. With them, attackers can
### pretend to come from inside the network.
/bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
### We do not want ICMP redirects, since they can be abused to
### change our routes.
/bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
### Enable bad error message protection.
/bin/echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

### SYN-FLOODING PROTECTION
#
iptables -N syn-flood
iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -A syn-flood -j DROP
## Make sure NEW tcp connections are SYN packets
iptables -A INPUT -i $IFACE -p tcp ! --syn -m state --state NEW -j DROP

### SPOOFING
#
### All packets that come from the Internet and claim to originate from a Class-C network
### are ignored
iptables -A INPUT -i $IFACE -s $CLASS_C -j DROP
iptables -A INPUT -i $IFACE -d $LOOPBACK -j DROP
# Refuse broadcast address packets.
iptables -A INPUT -i $IFACE -d $BROADCAST -j DROP

### SSH inbound
#
iptables -A INPUT -i $IFACE -p tcp --dport 10022 --sport $UP_PORTS -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --sport 10022 --dport $UP_PORTS -j ACCEPT
#
### SSH outbound
#
iptables -A OUTPUT -o $IFACE -p tcp --sport $UP_PORTS --dport 10022 -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp --dport $UP_PORTS --sport 10022 -j ACCEPT

----------------------------------------
Here is some part of my firewall log
-----------------------------------------
Mar 28 17:01:02 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=42963 DF PROTO=TCP SPT=32791 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 17:01:14 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=42964 DF PROTO=TCP SPT=32791 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 17:01:38 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=42965 DF PROTO=TCP SPT=32791 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 17:02:26 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=42966 DF PROTO=TCP SPT=32791 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 17:04:22 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=24380 DF PROTO=TCP SPT=32792 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 17:04:25 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=24381 DF PROTO=TCP SPT=32792 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 17:04:31 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=24382 DF PROTO=TCP SPT=32792 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 17:04:43 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=24383 DF PROTO=TCP SPT=32792 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 17:08:07 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=59595 DF PROTO=TCP SPT=32793 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 17:08:10 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=59596 DF PROTO=TCP SPT=32793 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 17:08:16 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=59597 DF PROTO=TCP SPT=32793 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 17:08:28 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=59598 DF PROTO=TCP SPT=32793 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
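One way to check the posted rules against the posted log lines, as an added example that is not part of Ralf's message or his firewall script: a small Python parser for the netfilter log format that replays each logged SYN against the conditions of the SSH inbound ACCEPT rule (interface, destination port, source-port range) and the default INPUT DROP policy. The function names are my own; the two log lines are copied from the message, and the rule logic is reduced to the SSH inbound rule, since the other INPUT rules also match on `-i $IFACE` and do not fire for a different interface. Note that the log shows IN=ippp0 while the script sets IFACE="ppp0".

```python
# Interface and port the posted SSH inbound rule matches on
# (IFACE="ppp0", --dport 10022, --sport 1024:65535).
RULE_IFACE = "ppp0"
SSH_PORT = 10022
UP_PORTS = (1024, 65535)

# Two kernel log lines copied from the message above (sample input
# for this example; the original excerpt has twelve such lines).
SAMPLE_LOG = """\
Mar 28 17:01:02 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=42963 DF PROTO=TCP SPT=32791 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 28 17:04:22 kitrlx01 kernel: IN=ippp0 OUT= MAC= SRC=62.134.105.240 DST=217.51.83.86 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=24380 DF PROTO=TCP SPT=32792 DPT=10022 WINDOW=5840 RES=0x00 SYN URGP=0
"""


def parse_netfilter_line(line):
    """Split a netfilter LOG line into a dict of KEY=value fields.
    Bare flags such as DF, SYN or ACK are stored as True."""
    fields = {}
    _, _, body = line.partition("kernel: ")
    for token in body.split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else True
    return fields


def classify(fields, rule_iface=RULE_IFACE, port=SSH_PORT):
    """Explain what the SSH inbound rule does with one logged packet.
    Any packet that matches no ACCEPT rule ends up in the INPUT DROP policy."""
    if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
        return "not an inbound SSH packet"
    if "SYN" not in fields:
        return "not a connection attempt"
    if fields.get("IN") != rule_iface:
        return (f"arrived on {fields.get('IN')}, but the ACCEPT rule matches "
                f"-i {rule_iface}; falls through to the INPUT DROP policy")
    sport = int(fields["SPT"])
    if not UP_PORTS[0] <= sport <= UP_PORTS[1]:
        return f"source port {sport} is outside --sport {UP_PORTS[0]}:{UP_PORTS[1]}"
    return "would be accepted by the SSH inbound rule"


def diagnose(log_text, rule_iface=RULE_IFACE, port=SSH_PORT):
    """Classify every kernel log line in log_text; returns one verdict per line."""
    return [classify(parse_netfilter_line(line), rule_iface, port)
            for line in log_text.splitlines() if "kernel:" in line]


if __name__ == "__main__":
    for verdict in diagnose(SAMPLE_LOG):
        print(verdict)
```

Running it with `rule_iface="ippp0"` shows every logged SYN would be accepted, which is the check to make before looking further at sshd.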