Peter Carlsson wrote:
Stefan Alfredsson wrote:

Hi!

Sorry for the long mail...

I have now tested most of your tips. See the results and follow-up questions below.

[long mail snipped]

I have now been in contact with support at Bredbandsbolaget, who replied:

"Port 22 is not blocked on the mobile broadband. It does not go through any firewall. However, it may be your own firewall that is blocking it, if you have one installed."

I'm starting to wonder whether sshd might be listening on the wrong interface, if that is possible?

Does one need to do anything for sshd to also listen for incoming connections on ppp0?

I have set ufw to deny everything except ssh. I have also tried allowing everything.

# sudo ufw status
Status: aktiv

Till    Åtgärd  Från
----    ------  ----
22      ALLOW   Anywhere

Looking at iptables, it contains an enormous amount more.

# sudo iptables -nvL
Chain INPUT (policy DROP 2 packets, 128 bytes)
pkts bytes target prot opt in out source destination
1595 1272K ufw-before-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
1595 1272K ufw-before-input all -- * * 0.0.0.0/0 0.0.0.0/0
42 2856 ufw-after-input all -- * * 0.0.0.0/0 0.0.0.0/0
42 2856 ufw-after-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
42 2856 ufw-reject-input all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ufw-before-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-before-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-reject-forward all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1583 187K ufw-before-logging-output all -- * * 0.0.0.0/0 0.0.0.0/0
1583 187K ufw-before-output all -- * * 0.0.0.0/0 0.0.0.0/0
21 3453 ufw-after-output all -- * * 0.0.0.0/0 0.0.0.0/0
21 3453 ufw-after-logging-output all -- * * 0.0.0.0/0 0.0.0.0/0
21 3453 ufw-reject-output all -- * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-after-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-after-input (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `[UFW BLOCK] '

Chain ufw-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
2 128 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `[UFW BLOCK] '

Chain ufw-after-logging-output (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `[UFW ALLOW] '

Chain ufw-after-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-before-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 ufw-user-forward all -- * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-before-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
6 312 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
2 128 ufw-not-local all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.0/4
2 128 ufw-user-input all -- * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-before-logging-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW AUDIT] '

Chain ufw-before-logging-input (1 references)
pkts bytes target prot opt in out source destination
8 440 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW AUDIT] '

Chain ufw-before-logging-output (1 references)
pkts bytes target prot opt in out source destination
5 308 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW AUDIT] '

Chain ufw-before-output (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
5 308 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 ufw-user-output all -- * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-logging-allow (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `[UFW ALLOW] '

Chain ufw-logging-deny (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `[UFW BLOCK] '

Chain ufw-not-local (1 references)
pkts bytes target prot opt in out source destination
2 128 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-reject-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-reject-input (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-reject-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-user-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-user-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:22

Chain ufw-user-limit (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix `[UFW LIMIT BLOCK] '
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-user-logging-forward (0 references)
pkts bytes target prot opt in out source destination

Chain ufw-user-logging-input (0 references)
pkts bytes target prot opt in out source destination

Chain ufw-user-logging-output (0 references)
pkts bytes target prot opt in out source destination

Chain ufw-user-output (1 references)
pkts bytes target prot opt in out source destination

Checking with netstat gives:

# netstat -tnl
Aktiva internetanslutningar (endast servrar)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN

/Peter
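
The two listings above answer different questions: `netstat -tnl` shows which addresses sshd is bound to (a wildcard 0.0.0.0 or :: bind covers every interface, ppp0 included), and the pkts column of `iptables -nvL` shows whether any packet has matched the rule that allows port 22. This added example, not part of the original message, scripts both checks; the function names listen_scope and accept_hits are hypothetical.

```shell
#!/bin/sh
# Added example. Sample text below is copied from the listings in the message.

# listen_scope PORT: reads `netstat -tnl` output on stdin and prints
#   all      - bound to a wildcard address (0.0.0.0 or ::), i.e. every interface
#   specific - bound only to particular non-loopback addresses
#   loopback - bound only to 127.0.0.1 / ::1
#   none     - nothing listens on PORT
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            host = substr($4, 1, length($4) - length(part[n]) - 1)
            if (host == "0.0.0.0" || host == "::") wild = 1
            else if (host == "127.0.0.1" || host == "::1") lo = 1
            else other = 1
        }
        END {
            if (wild) print "all"
            else if (other) print "specific"
            else if (lo) print "loopback"
            else print "none"
        }'
}

# accept_hits PORT: reads `iptables -nvL` output on stdin and prints the summed
# pkts counter of every "ACCEPT tcp ... dpt:PORT" rule. Large counters are
# abbreviated (e.g. 1272K) unless iptables is run with -x.
accept_hits() {
    awk -v want="dpt:$1" '
        $3 == "ACCEPT" && $4 == "tcp" {
            for (i = 5; i <= NF; i++) if ($i == want) { sum += $1; break }
        }
        END { print sum + 0 }'
}

SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN'
SAMPLE_RULES='Chain ufw-user-input (1 references)
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:22'

echo "port 22 listen scope: $(printf '%s\n' "$SAMPLE_NETSTAT" | listen_scope 22)"
echo "packets accepted for tcp/22: $(printf '%s\n' "$SAMPLE_RULES" | accept_hits 22)"
```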

