  1. #1
    Just Joined!
    Join Date
    Nov 2007
    Posts
    6

    can't allow ssh :(


    I have a problem with my iptables rules.

    These are my rules:
    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1024:65535
    ACCEPT icmp -- 192.168.0.0/24 192.168.0.2 icmp type 8 state NEW,RELATED,ESTABLISHED
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0 state RELATED,ESTABLISHED
    ACCEPT all -- 127.0.0.1 0.0.0.0/0

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
    ACCEPT all -- 192.168.0.0/24 0.0.0.0/0
    ACCEPT tcp -- 192.198.0.0/24 0.0.0.0/0 tcp dpt:80
    ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:5050

    Chain OUTPUT (policy DROP)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED multiport dports 80,443 multiport sports 1024:65535
    ACCEPT icmp -- 192.168.0.2 192.168.0.0/24 icmp type 0 state RELATED,ESTABLISHED
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 state NEW,RELATED,ESTABLISHED

    I want to allow the SSH port with:
    iptables -A INPUT -p tcp -s 0/0 -d 202.169.231.47 --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp -s 202.169.231.47 -d 0/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT

    but it still doesn't work.
    Can you tell me why this happens?

  2. #2
    Just Joined!
    Join Date
    Nov 2007
    Posts
    6
    Hmm, I just have the solution, but I am not sure this is a short way.

    Here it is:
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --sport 22 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

    So, what is your opinion?

    Are there any better solutions?
    Last edited by burkass; 10-31-2008 at 07:19 PM. Reason: wrong vocab

  3. #3
    Linux Newbie
    Join Date
    Apr 2008
    Location
    India
    Posts
    170
    -A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT

    -A PREROUTING -i eth0 -p tcp -m tcp --sport 22 -j TOS --set-tos 0x10
    -A POSTROUTING -o eth0 -p tcp -m tcp --dport 22 -j TOS --set-tos 0x10
    -A INPUT -i eth0 -p tcp -m tcp --sport 22 --dport 513:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --sport 1024:65535 --dport 22 --tcp-flags SYN,RST,ACK SYN -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i eth0 -p udp -m udp --dport 22 -m state --state ESTABLISHED -j ACCEPT
    -A OUTPUT -s xx.xx.xx.xx -o eth0 -p tcp -m tcp --dport 22 -j ACCEPT
    Regards
    David Anand
    -->Success is the list of failures ...!!!

  4. #4
    Just Joined!
    Join Date
    Nov 2007
    Posts
    6
    ^ I have two networks to use SSH from:

    one is my local network and the other is the internet...

    BTW, can you explain that rule?

  5. #5
    Linux Newbie
    Join Date
    Apr 2008
    Location
    India
    Posts
    170
    Just allow port 22 on the machine, and if you are continuously facing the issue, take a backup of the current iptables rules, flush the rules, and put it back.
    Regards
    David Anand
    -->Success is the list of failures ...!!!
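A small model of the chain evaluation, added here as an example and not taken from the thread: it replays the OP's INPUT chain (first match wins, policy DROP) against constructed packets and shows why the post #1 rule, tied to -d 202.169.231.47, cannot match an SSH connection arriving at 192.168.0.2 from the LAN mentioned in post #4, why post #2's rules open more than port 22, and what a tighter NEW-only rule looks like. Interfaces, ICMP and the conntrack engine itself are out of scope; the state label is supplied with each packet, and the client addresses are made up.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
# state is the label conntrack would assign: NEW, ESTABLISHED or RELATED
Packet = namedtuple("Packet", "proto src dst sport dport state")

@dataclass
class Rule:
    target: str
    proto: str = "all"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sports: tuple = (0, 65535)       # --sport range
    dports: tuple = (0, 65535)       # --dport range
    states: frozenset = frozenset()  # empty means no "-m state" match

    def matches(self, p):
        return (self.proto in ("all", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src, strict=False)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst, strict=False)
                and self.sports[0] <= p.sport <= self.sports[1]
                and self.dports[0] <= p.dport <= self.dports[1]
                and (not self.states or p.state in self.states))

def verdict(chain, policy, packet):
    # First matching rule wins; if none matches, the chain policy applies.
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy
ST = frozenset
BASE = [  # the OP's INPUT chain (policy DROP), minus the ICMP rules
    Rule("ACCEPT", "tcp", states=ST({"RELATED", "ESTABLISHED"})),
    Rule("ACCEPT", "udp", sports=(53, 53), dports=(1024, 65535)),
    Rule("ACCEPT", src="127.0.0.1"),
]
# Post #1: the appended rule only matches packets addressed to the public IP.
INPUT_OP = BASE + [Rule("ACCEPT", "tcp", dst="202.169.231.47", sports=(513, 65535),
                        dports=(22, 22), states=ST({"NEW", "ESTABLISHED"}))]
# Post #2: no address or state, plus a --sport 22 rule that trusts the client's source port.
INPUT_POST2 = BASE + [Rule("ACCEPT", "tcp", dports=(22, 22)),
                      Rule("ACCEPT", "tcp", sports=(22, 22))]
# Tighter: accept only NEW connections to 22; the ESTABLISHED rule in BASE covers the rest.
INPUT_TIGHT = BASE + [Rule("ACCEPT", "tcp", dports=(22, 22), states=ST({"NEW"}))]

# Constructed sample packets; client addresses are made up, server addresses are the thread's.
LAN_SYN = Packet("tcp", "192.168.0.10", "192.168.0.2", 40000, 22, "NEW")
WAN_SYN = Packet("tcp", "203.0.113.5", "202.169.231.47", 50000, 22, "NEW")
SPORT22 = Packet("tcp", "203.0.113.5", "202.169.231.47", 22, 8080, "NEW")  # unsolicited, sport 22
```

Running verdict(INPUT_OP, "DROP", LAN_SYN) gives DROP while the same packet is accepted by INPUT_TIGHT, and SPORT22 is accepted only by post #2's rule set.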
