Hello...
Apologies for the networking n00b question, but I'm sooo close to finishing the configuration of this system and I'm blocked on something embarrassingly trivial. I did try researching the forums, and found what I thought were pretty good, obvious answers, but for some reason, they're not working.
The problem:
It's simple, really. The iptables ruleset recommended in the Arch "basic stateful firewall" article is blocking my attempts to connect via SSH on a high, non-standard port. If I stop iptables, the connection works fine; I test locally and also via PuTTY on a Windows box elsewhere on the LAN, so I'm pretty sure the basic config is OK.
Solution attempts:
I've tried adding a rule in the following ways, where <my port> is the high port I'm using for ssh:
sudo iptables -A INPUT -p tcp --dport <my port> -m state --state NEW -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport <my port> -j ACCEPT
Below is the output from iptables -L:
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 127.0.0.0/8 anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp echo-request ctstate NEW
UDP udp -- anywhere anywhere ctstate NEW
TCP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN ctstate NEW
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain TCP (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
Chain UDP (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
Very grateful for any help...
Last edited by purple12 (2011-10-17 20:05:04)
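To see why the appended rule never fires, here is an added example (not from the thread or the wiki) that walks a new SSH SYN through a constructed iptables-save style copy of the ruleset above, with 2222 standing in for <my port> and the loopback anti-spoof and ICMP rules omitted. It assumes that a service rule belongs in the TCP chain, next to the existing http rule, rather than at the end of INPUT.

```python
import shlex
# Constructed ruleset mirroring the listing above (loopback anti-spoof and ICMP rules omitted).
RULESET = """
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A TCP -p tcp --dport 80 -j ACCEPT
-A UDP -p udp --dport 53 -j ACCEPT
"""

def parse(text):
    """Return {chain: [(matches, target), ...]} in rule order (iptables-save syntax)."""
    chains = {}
    for line in text.strip().splitlines():
        argv, m, chain, target = shlex.split(line), {}, None, None
        for i, a in enumerate(argv):          # option values never look like options here
            if a == "-A": chain = argv[i + 1]
            elif a == "-j": target = argv[i + 1]
            elif a in ("-i", "-p", "--dport"): m[a] = argv[i + 1]
            elif a in ("--ctstate", "--state"): m["ctstate"] = set(argv[i + 1].split(","))
            elif a == "--syn": m["syn"] = True
        chains.setdefault(chain, []).append((m, target))
    return chains

def matches(m, pkt):
    """Only the match types used above are modelled: -i, -p, --dport, --syn, ctstate."""
    return (m.get("-i", pkt["in"]) == pkt["in"] and m.get("-p", pkt["proto"]) == pkt["proto"]
            and m.get("--dport", pkt["dport"]) == pkt["dport"] and (not m.get("syn") or pkt["syn"])
            and pkt["ctstate"] in m.get("ctstate", {pkt["ctstate"]}))

def walk(chains, pkt, chain="INPUT"):
    """Return (chain, rule number, target) of the rule that decides pkt, or None on RETURN."""
    for n, (m, target) in enumerate(chains[chain], 1):
        if matches(m, pkt) and target in chains:   # jump into a user chain
            hit = walk(chains, pkt, target)        # None: the user chain RETURNed
            if hit: return hit
        elif matches(m, pkt) and target != "RETURN":
            return (chain, n, target)
    return None

def ssh_verdict(extra_rule, port="2222"):
    """Fate of a fresh inbound SSH SYN on eth0 once extra_rule is appended to RULESET."""
    chains = parse(RULESET + extra_rule + "\n")
    pkt = {"in": "eth0", "proto": "tcp", "dport": port, "ctstate": "NEW", "syn": True}
    return walk(chains, pkt) or ("INPUT", None, "DROP (policy)")
```

Appending either of the commands from the question to INPUT lands the rule behind the catch-all REJECTs (rule 7 decides), whereas adding it to the TCP chain lets the jump from INPUT accept it.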
https://bbs.archlinux.org/viewtopic.php … 66#p997566
I'm going to fix the wiki... Which article did you get your rules from?
Last edited by fukawi2 (2011-10-17 08:19:35)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Oh, that would be great! ...seems like ssh access is a pretty basic and useful function. Like a lot of users, I naturally want to learn more about iptables, but the learning curve is probably fairly steep...a shortcut would be nice in the meantime. Thanks!
The wiki article I followed was this one:
https://wiki.archlinux.org/index.php/Si … l_firewall
--cheers.
-- the command string for adding the SSH rule worked brilliantly! --Thanks again.
Last edited by purple12 (2011-10-17 20:07:26)
NP, I've added some notes in the wiki article that hopefully make it clearer for future readers.