You are not logged in.

Pages: 1

#1 2014-07-28 12:18:17

VenomGameworld
Member
Registered: 2009-07-12
Posts: 39

Allow remote SSH access (x11 forwarding)

Hi,

I've recently installed and configured sshd to be able to take control of my Linux machine from a Windows box running Xming and Putty.
When i stop IPtables it works as it should, but when I turn it on, I always get an error (on my Putty) "Network connection refused".
I used the following rules for SSH:

iptables -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

(the Windows box is in the same network and shares the class C subnet + sshd uses default port 22)

The entire IPtables configuration is:

#sudo iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            
 8396   16M ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
    2   120 ACCEPT     all  --  lo     any     anywhere             anywhere            
    0     0 REJECT     tcp  --  any    any     anywhere             anywhere             reject-with tcp-reset
    5   698 REJECT     udp  --  any    any     anywhere             anywhere             reject-with icmp-port-unreachable
    0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-proto-unreachable
    0     0 ACCEPT     tcp  --  eth0   any     192.168.0.0/24       anywhere             tcp dpt:ssh state NEW,ESTABLISHED

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 5326 packets, 292K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  any    eth0    anywhere             anywhere             tcp spt:ssh state ESTABLISHED

Does anyone know what can be the cause of this?

Thanks in advance!

Last edited by VenomGameworld (2014-07-28 12:18:47)

Offline

#2 2014-07-28 12:39:44

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,417

Re: Allow remote SSH access (x11 forwarding)

Not sure why you are wiring a iptable rule for a local network ssh setup.  To actually get X11 forwarding to go, you need to configure the server ssh configuration files, and pass the -Y switch to the ssh client.

Last edited by nomorewindows (2014-07-28 12:50:14)

I may have to CONSOLE you about your usage of ridiculously easy graphical interfaces...
Look ma, no mouse.

Offline

#3 2014-07-28 16:04:03

Tarqi
Member
From: Ixtlan
Registered: 2012-11-27
Posts: 179
Website

Re: Allow remote SSH access (x11 forwarding)

The INPUT rule will never reached, move it up in the chain. The OUTPUT rule is useless.

Last edited by Tarqi (2014-07-28 16:05:31)

Knowing others is wisdom, knowing yourself is enlightenment. ~Lao Tse

Offline

Pages: 1

Board footer

Powered by FluxBB