Dan,

I took out the source address and I'm still not able to connect. In your
example, I assume you have a genuine IP address in place of xxx.xxx.xxx.xxx.
Do you have a static IP then?

Of course, I'm also starting to wonder if I'm barking up the wrong tree
here and maybe I have something else wrong elsewhere. Any generic ideas
on what to check to make sure ssh works? And if I can get out the server
here with telnet, I should be able to get out with ssh also, right?

Thanks,
George



"Daniel J. Ferris" <[EMAIL PROTECTED]> (Mailed by:
[EMAIL PROTECTED])
09/28/2000 08:58 AM CST
Please respond to [EMAIL PROTECTED]

To:   [EMAIL PROTECTED]
cc:
Subject:  Re: [newbie] ipchains and ssh


At 08:11 AM 9/27/00 -0500, you wrote:

>Hello,
>
>My first post on the newbie list...
>
>I have been struggling for some time to get SSH to work on my Linux box
>(2.2.13-4mdk : Mandrake 6.1).
>I believe I finally have it up and running, because I am able to create a
>SSH connection from/to the machine itself.
>
>What I can't seem to manage is to make a SSH connection from an external
>machine (I work in DC, Linux box is at home in OH).   I am trying using
>FiSSH and I repeatedly get "Failed to Connect to Host."
>
>Now, I do have a firewall up, and it is a pretty basic one in order to
>provide IP-Masquerading (which works!), so I thought
>maybe my problem was simply that the firewall wasn't letting the connection
>to port 22.  So, after extensive research I felt
>that what I needed to add was a couple rules to allow the connection in,
>and I tried to add something like this (and other
>similar variations):
>
>ipchains -A input -p tcp -s xxx.xxx.com -d yyy.yyy.yyy.yyy 22 -j ACCEPT
>ipchains -A output -p tcp -d xxx.xxx.com -d yyy.yyy.yyy.yyy 22 -j ACCEPT
>
>But it isn't working - and I think my problem lies with xxx.xxx.com and
>yyy.yyy.yyy.yyy (the source and destination addresses).
>
>1.  I don't exactly know the source IP address for where I'm at, so is it
>acceptable to use xxx.xxx.com instead?
>2.  I have a variable IP - so how the heck do I populate yyy.yyy.yyy.yyy
>with my current IP address if I don't even know it?
>
>For #2 - I've seen some people use $IPADDR which is all well and good, but
>I don't know how to populate that variable without simply hardcoding and
>that just presents the same problem again.
>
>In addition, I typed in the ipchains commands (both above) at the command
>prompt and used what my IP address is currently and I still couldn't
>connect to it remotely via SSH.    So now my entire solution has been
>undermined.
>
>Any suggestions?
>
>Thanks,
>George



I have the exact same setup as you do (almost) and ssh works from anywhere.

I just did this....

ipchains -A input -p tcp -d xxx.xxx.xxx.xxx 22 -j ACCEPT

If you are really concerned about the source address, try using the ip
address instead of the hostname/DNS name, because it may resolve to
something unexpected.

As you can see, in my example, I wasn't concerned with the source
address.  Only the destination address and port number.

Dan
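
On the question in the thread of how to fill in the destination address when the IP is dynamic, here is an added example that is not part of either message: it reads the interface's current address when the firewall script starts and prints the port 22 rules rather than running them. The interface name ppp0, the 2.2-era "inet addr:" ifconfig output format, the helper names and the sample address are assumptions made for the example.

```shell
#!/bin/sh
# Added example: look up the current external address at firewall start-up
# instead of hardcoding it, then print the ipchains rules for inbound SSH.
# Assumed: interface name ppp0 and net-tools "inet addr:" output format.

# Constructed sample of `ifconfig ppp0` output (documentation addresses).
SAMPLE_IFCONFIG='ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.0.2.45  P-t-P:192.0.2.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1'

# extract_addr: read ifconfig output on stdin, print the first IPv4 address.
extract_addr() {
    sed -n 's/.*inet addr:\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# valid_ipv4: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_rules IFACE: ifconfig output on stdin; prints the rules, or fails
# without printing anything if the interface has no usable address.
ssh_rules() {
    iface=$1
    addr=$(extract_addr)
    if ! valid_ipv4 "$addr"; then
        echo "no usable address for $iface" >&2
        return 1
    fi
    # Inbound: anything addressed to this host's port 22.
    echo "ipchains -A input -i $iface -p tcp -d $addr 22 -j ACCEPT"
    # Outbound: replies from port 22 only (! -y excludes new connections).
    echo "ipchains -A output -i $iface -p tcp -s $addr 22 ! -y -j ACCEPT"
}

# On a live system: ifconfig ppp0 | ssh_rules ppp0
printf '%s\n' "$SAMPLE_IFCONFIG" | ssh_rules ppp0
```

With a dynamic address the script has to be rerun whenever the link comes back up, otherwise the rules keep matching the old address.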



