
#1 2011-10-17 06:31:27

purple12
Member
Registered: 2008-08-16
Posts: 73

[SOLVED] iptables blocking my ssh connection attempts :(

Hello...
Apologies for the networking n00b question, but I'm sooo close to finishing the configuration of this system and I'm blocked on something embarrassingly trivial.  I did try researching the forums, and found what I thought were pretty good, obvious answers, but for some reason, they're not working. 

The problem:
It's simple, really.  The iptables ruleset recommended in the Arch "basic stateful firewall" article is blocking my attempts to connect via ssh on a high, non-standard port.  If I stop iptables, connection works fine--I test locally and also via putty on a Windows box elsewhere on the LAN, so I'm pretty sure the basic config is OK.

Solution attempts:
I've tried adding a rule in the following ways, where <my port> is the high port I'm using for ssh:
sudo iptables -A INPUT -p tcp --dport <my port> -m state --state NEW -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport <my port> -j ACCEPT


Below is the output from iptables -L:

Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       all  --  127.0.0.0/8          anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request ctstate NEW
UDP        udp  --  anywhere             anywhere             ctstate NEW
TCP        tcp  --  anywhere             anywhere             tcpflags: FIN,SYN,RST,ACK/SYN ctstate NEW
REJECT     udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     all  --  anywhere             anywhere             reject-with icmp-proto-unreachable
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain TCP (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http

Chain UDP (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain

Very grateful for any help...

Last edited by purple12 (2011-10-17 20:05:04)
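What the listing above shows is a rule-ordering problem: the SSH ACCEPT was appended with -A, so it sits below the three catch-all REJECT rules in INPUT and is never evaluated. The following checker is an added example, not code from this thread or the Arch wiki; it parses an iptables -L dump and reports ACCEPT rules shadowed that way. SAMPLE is the INPUT chain from the post (whitespace collapsed), and the function names are my own.

```python
# Constructed from the INPUT chain in the post above (columns collapsed to single spaces).
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 127.0.0.0/8 anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp echo-request ctstate NEW
UDP udp -- anywhere anywhere ctstate NEW
TCP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN ctstate NEW
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
"""

def parse_chains(listing):
    """Return {chain: [rule dict, ...]} parsed from `iptables -L` text."""
    chains, current = {}, None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
        elif current and line.strip() and not line.startswith("target"):
            target, prot, _opt, src, dst, *rest = line.split(None, 5)
            chains[current].append({"target": target, "prot": prot, "src": src,
                                    "dst": dst, "match": rest[0].strip() if rest else ""})
    return chains

def catch_all_reject(rule, prot):
    """DROP/REJECT with no address or match restriction for `prot`
    (a trailing `reject-with ...` is a target option, not a match)."""
    return (rule["target"] in ("DROP", "REJECT")
            and rule["prot"] in ("all", prot)
            and rule["src"] == rule["dst"] == "anywhere"
            and (not rule["match"] or rule["match"].startswith("reject-with")))

def shadowed_accepts(listing):
    """Return (chain, rule_no, shadowing_rule_no), numbered like --line-numbers, for ACCEPTs
    below a catch-all DROP/REJECT. ACCEPTs never shadow: plain -L hides -i/-o (the -i lo rule)."""
    found = []
    for chain, rules in parse_chains(listing).items():
        for i, rule in enumerate(rules):
            if rule["target"] == "ACCEPT":
                hit = next((j for j in range(i) if catch_all_reject(rules[j], rule["prot"])), None)
                if hit is not None:
                    found.append((chain, i + 1, hit + 1))
    return found
```

In this ruleset new TCP connections are handed to the user chain TCP, so the SSH rule belongs there, ahead of the REJECTs (iptables -A TCP -p tcp --dport <my port> -j ACCEPT); after that change the checker reports nothing for INPUT.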


#2 2011-10-17 08:19:11

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224

Re: [SOLVED] iptables blocking my ssh connection attempts :(

https://bbs.archlinux.org/viewtopic.php … 66#p997566
I'm going to fix the wiki... Which article did you get your rules from?

Last edited by fukawi2 (2011-10-17 08:19:35)


#3 2011-10-17 09:09:31

purple12
Member
Registered: 2008-08-16
Posts: 73

Re: [SOLVED] iptables blocking my ssh connection attempts :(

Oh, that would be great! ...seems like ssh access is a pretty basic and useful function.   Like a lot of users, I naturally want to learn more about iptables, but the learning curve is probably fairly steep...a shortcut would be nice in the meantime.  Thanks!

The wiki article I followed was this one:
https://wiki.archlinux.org/index.php/Si … l_firewall

--cheers.


#4 2011-10-17 20:06:14

purple12
Member
Registered: 2008-08-16
Posts: 73

Re: [SOLVED] iptables blocking my ssh connection attempts :(

-- the command string for adding the SSH rule worked brilliantly!  --Thanks again.

Last edited by purple12 (2011-10-17 20:07:26)


#5 2011-10-18 02:02:06

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224

Re: [SOLVED] iptables blocking my ssh connection attempts :(

NP, I've added some notes in the wiki article that hopefully make it clearer for future readers :)
