
Thread: SSH issue (IPtables)


Hi all,

I've been making use of the resources available regarding iptables, mainly:



various forums people have posted to; I have seen scripts, learned from them too, etc. I think I'm getting to grips with understanding the basics of iptables now.

However, one solution to an issue I'm having with allowing incoming SSH connections is still eluding me.

It would be terrific if you could help me troubleshoot this. Here's the script:

== Edit! ==
iptables version 1.4.11.1

code:
#!/bin/bash
#
# Configuring of iptables to define connection rules
#
# Default policy == DROP, the following
# rules accept specific traffic.
#

# Set interface strings
wlan="wlan+"
tap="tap+"

# Clear current rules and chains
iptables -F
iptables -X

# Set default policy to DROP
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP

# Load modules that may be needed.
#modprobe ip_tables
#modprobe ip_nat_ftp
#modprobe ip_nat_irc
#modprobe iptable_filter
#modprobe iptable_nat
#modprobe ip_conntrack_irc
#modprobe ip_conntrack_ftp
modprobe ip_conntrack
modprobe ipt_LOG

# Accept anything that has an established connection
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Accept input/output on the loopback interface
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT

# Allow ICMP requests/replies
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT  -p icmp --icmp-type echo-reply -j ACCEPT

# Allow incoming SSH connections from inside the LAN
# and log them.
iptables -A INPUT -i $wlan -p tcp --dport 22 -s 192.168.2.0/24 -j LOG --log-prefix '** incoming ssh lan **' --log-level 4
iptables -A INPUT -i $wlan -p tcp --dport 22 -s 192.168.2.0/24 -j ACCEPT

# Allow incoming SSH connections from the work network
# and log them.
iptables -A INPUT -i $wlan -p tcp --dport 22 -s [work's n/w] -j LOG --log-prefix '** incoming ssh work **' --log-level 4
iptables -A INPUT -i $wlan -p tcp --dport 22 -s [work's n/w] -j ACCEPT

# Allow outgoing SSH connections destined for the LAN
# and log them.
iptables -A OUTPUT -o $wlan -p tcp --dport 22 -d 192.168.2.0/24 -j LOG --log-prefix '** outgoing ssh inside lan **' --log-level 4
iptables -A OUTPUT -o $wlan -p tcp --dport 22 -d 192.168.2.0/24 -j ACCEPT

# Open the main operational ports to be functional, plus the VPN
# ports for the tap to connect through.
iptables -A OUTPUT -o $wlan -p tcp --dport 80 -j ACCEPT       # http
iptables -A OUTPUT -o $wlan -p tcp --dport 443 -j ACCEPT      # https
iptables -A OUTPUT -o $wlan -p udp --dport 53 -j ACCEPT       # dns
iptables -A OUTPUT -o $wlan -p udp --dport 67:68 -j ACCEPT    # dhcp
iptables -A OUTPUT -o $wlan -p udp --dport 1194 -j ACCEPT     # openvpn
iptables -A OUTPUT -o $wlan -p udp --dport 10010 -j ACCEPT    # openvpn
iptables -A OUTPUT -o $wlan -p udp --dport 10020 -j ACCEPT    # openvpn

# Open the same ports on the tap interface too.
#
iptables -A OUTPUT -o $tap -p udp --dport 67:68 -j ACCEPT     # dhcp
iptables -A OUTPUT -o $tap -p udp --dport 53 -j ACCEPT        # dns
iptables -A OUTPUT -o $tap -p tcp --dport 80 -j ACCEPT        # http
iptables -A OUTPUT -o $tap -p tcp --dport 443 -j ACCEPT       # https
iptables -A OUTPUT -o $tap -p tcp --dport 22 -j ACCEPT        # ssh
iptables -A OUTPUT -o $tap -p tcp --dport 20:21 -j ACCEPT     # ftp
iptables -A OUTPUT -o $tap -p tcp --dport 6881:6889 -j ACCEPT # bit torrent

# Explicitly drop anything that has not been allowed
iptables -A FORWARD -j DROP
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
What I find is that the first TCP SYN packet comes through, but the machine does not respond with a SYN/ACK packet, as shown in the following Wireshark screen print:



I have no idea why this is?

Also, a question I have: which modules do I need to load? Are they necessary on the client? I.e. I gather the iptable_nat module isn't required on a client machine but rather if I were writing a script for a DD-WRT router, right?...

Could someone shed some light onto which modules are pertinent to client and server, please?

Now, this is not related to the issue I'm having, it's more something I've noticed: why is there a DNS request for an address related to *.arpa directly after I type:

code:
# iptables -L
Here's the screen print:



BTW, I reckon a great way to understand iptables is to be able to visualise it, so if you know of any links that can visualise what's going on, please link it, i.e. a diagram or so (but not the one on the first link when I started!).

As per usual, many thanks for your input(s) in advance!

From what I can see your script looks decent. This might seem like a no-brainer kinda thing, but are you using ufw as well? Because ufw can munge iptables rules if you're not careful how you're implementing them.

Edit: if that's not the case you might consider this. It might help.

iptables -A INPUT -i $wlan -p tcp --dport 22 -s 192.168.2.0/24 -m state --state NEW -j ACCEPT
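In the script from the first post the OUTPUT chain defaults to DROP and has no RELATED,ESTABLISHED rule, so the SYN/ACK the machine sends back to an SSH client (source port 22, ephemeral destination port) matches no OUTPUT rule and is dropped before it leaves the box, which is exactly the behaviour the Wireshark capture shows; the --state NEW rule suggested in the reply belongs on INPUT and is kept here as well. The following is an added example, not code from the thread: a minimal stateful ruleset for the same host that accepts established traffic on both chains and needs explicit rules only for the first packet of each connection. It assumes the same wlan+ interface and 192.168.2.0/24 LAN; IPT is a hypothetical wrapper variable so the rules can be dry-run with IPT=echo.

```shell
#!/bin/sh
# Minimal stateful ruleset for the situation in the thread: conntrack
# accepts the reply half of every connection on BOTH chains, so a
# DROP-default OUTPUT chain no longer swallows the server's SYN/ACK.
# IPT is a hypothetical wrapper variable: set IPT=echo to dry-run.
IPT="${IPT:-iptables}"
WLAN="wlan+"
LAN="192.168.2.0/24"

ssh_firewall() {
    "$IPT" -F
    "$IPT" -X
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT DROP
    # Loopback is always allowed.
    "$IPT" -A INPUT  -i lo -j ACCEPT
    "$IPT" -A OUTPUT -o lo -j ACCEPT
    # The OUTPUT line here is the one the original script lacks; without
    # it the SYN/ACK (sport 22, ephemeral dport) matches nothing and drops.
    "$IPT" -A INPUT  -m state --state RELATED,ESTABLISHED -j ACCEPT
    "$IPT" -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Only the first packet (NEW) of an SSH connection from the LAN needs
    # an explicit rule; log it, then accept it.
    "$IPT" -A INPUT -i "$WLAN" -p tcp --dport 22 -s "$LAN" -m state --state NEW \
        -j LOG --log-prefix '** incoming ssh lan **' --log-level 4
    "$IPT" -A INPUT -i "$WLAN" -p tcp --dport 22 -s "$LAN" -m state --state NEW \
        -j ACCEPT
    # Outgoing NEW connections for the services the host itself uses.
    for spec in "tcp 80" "tcp 443" "udp 53" "udp 1194"; do
        set -- $spec
        "$IPT" -A OUTPUT -o "$WLAN" -p "$1" --dport "$2" -m state --state NEW -j ACCEPT
    done
}

# Self-check: count OUTPUT rules that let established traffic back out.
# A stateful firewall with a DROP-default OUTPUT chain needs at least one.
output_established_rules() {
    ( IPT=echo; ssh_firewall ) | grep -c -- '-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
}

case "${1:-}" in
    apply)   ssh_firewall ;;
    dry-run) ( IPT=echo; ssh_firewall ) ;;
esac
```

Run it as `sh script.sh dry-run` to print the rules without touching the kernel, or `sh script.sh apply` as root to load them.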


Forum > The Ubuntu Forum Community > Ubuntu Official Flavours Support > Networking & Wireless > [SOLVED] SSH issue (IPtables)

