[gentoo-user] iptables blocks ssh

2005-06-08 Thread Antonio Coralles
I've recently turned my workstation into a router for my laptop, using
the great gentoo home router guide. Everything is ok so far, with one
exception: I can't connect to my ssh server anymore from outside the
LAN, because iptables seems to prevent this, although I
# iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT .

Any ideas ?


-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] iptables blocks ssh

2005-06-08 Thread Zac Medico


--- Antonio Coralles <[EMAIL PROTECTED]> wrote:

> I've recently turned my workstation into a router for my laptop, using
> the great gentoo home router guide. Everything is ok so far, with one
> exception: I can't connect to my ssh server anymore from outside the
> LAN, because iptables seems to prevent this, although I
> # iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT .
> 
> Any ideas ?

For my last INPUT rule I always log the dropped
packets for debugging purposes.  Then I can see what's
getting dropped in /var/log/messages.

iptables -A INPUT -m limit --limit 30/min -j LOG --log-prefix "Input Dropping: "

Zac






Re: [gentoo-user] iptables blocks ssh

2005-06-08 Thread Antonio Coralles
gentoo-user@lists.gentoo.org wrote:

> I've recently turned my workstation into a router for my laptop, using
> the great gentoo home router guide. Everything is ok so far, with one
> exception: I can't connect to my ssh server anymore from outside the
> LAN, because iptables seems to prevent this, although I
> # iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT .
>  

I've found a workaround for the moment; sshd now listens at port 8003
... Maybe someone knows a more elegant solution ...
Antonio



Re: [gentoo-user] iptables blocks ssh

2005-06-09 Thread A. Khattri
On Wed, 8 Jun 2005, Antonio Coralles wrote:

> I've recently turned my workstation into a router for my laptop, using
> the great gentoo home router guide. Everything is ok so far, with one
> exception: I can't connect to my ssh server anymore from outside the
> LAN, because iptables seems to prevent this, although I
> # iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT .

The ordering of the rules is important. Perhaps you can provide more
context by showing us the rules preceding the one above?





Re: [gentoo-user] iptables blocks ssh

2005-06-10 Thread Antonio Coralles
gentoo-user@lists.gentoo.org wrote:

> On Wed, 8 Jun 2005, Antonio Coralles wrote:
>
>> I've recently turned my workstation into a router for my laptop, using
>> the great gentoo home router guide. Everything is ok so far, with one
>> exception: I can't connect to my ssh server anymore from outside the
>> LAN, because iptables seems to prevent this, although I
>> # iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT .
>
> The ordering of the rules is important. Perhaps you can provide more
> context by showing us the rules preceding the one above?
>
Well, this is a hot tip. I think that the order in which I entered my
iptables rules is the same as in
'http://www.gentoo.org/doc/en/home-router-howto.xml code Listing 5.3',
with the exception that
I entered '# iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT'
after the nat rules. I'll try to reenter them in the correct order ...

Thanks,
Antonio
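
Added example, not part of the thread: iptables evaluates a chain top to bottom and the first matching rule with a terminating target decides, so an ACCEPT appended with -A after a broader DROP is never reached. The sketch runs that first-match walk over a constructed ruleset in `iptables -S INPUT` format (eth0 as LAN, eth1 as WAN and the privileged-port DROP are assumptions, not the poster's actual rules); `first_match` is a hypothetical helper that understands only -i, -p, --dport and -j.

```shell
# Constructed rulesets in `iptables -S INPUT` format; eth0 = LAN, eth1 = WAN.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT ! -i eth0 -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT'

# Same rules with the ssh ACCEPT placed ahead of the DROP.
FIXED_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT ! -i eth0 -p tcp -m tcp --dport 0:1023 -j DROP'

# first_match RULES IFACE PROTO DPORT
# Prints "<rule number> <target>" for the first rule matching the packet, or
# "policy <target>" when none matches. The body is a subshell so that
# `set -f` and `set --` do not leak into the caller.
first_match() (
  set -f
  rules=$1 iface=$2 proto=$3 port=$4 n=0 policy=ACCEPT
  while read -r line; do
    set -- $line
    if [ "$1" = "-P" ]; then policy=$3; continue; fi
    n=$((n + 1)); shift 2            # drop "-A INPUT"
    ok=1 neg=0 target=
    while [ $# -gt 0 ]; do
      hit=1
      case $1 in
        '!') neg=1; shift; continue ;;   # negates the next match
        -i) [ "$2" = "$iface" ] || hit=0 ;;
        -p) [ "$2" = "$proto" ] || hit=0 ;;
        --dport)                         # single port or lo:hi range
          lo=${2%%:*} hi=${2##*:}
          { [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; } || hit=0 ;;
        -j) target=$2 ;;
        -m) ;;                           # module name only, nothing to test
      esac
      [ "$neg" -eq 1 ] && hit=$((1 - hit))
      [ "$hit" -eq 1 ] || ok=0
      neg=0; shift 2
    done
    if [ "$ok" -eq 1 ]; then echo "$n $target"; return 0; fi
  done <<EOF
$rules
EOF
  echo "policy $policy"
)

first_match "$SAMPLE_RULES" eth1 tcp 22   # ssh from the WAN, appended ACCEPT
first_match "$FIXED_RULES" eth1 tcp 22    # ssh from the WAN, reordered rules
```

On a live system, `iptables -L INPUT -n -v --line-numbers` shows the real order and per-rule packet counters, and `iptables -I INPUT <number> ...` inserts a rule at a given position instead of appending it.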



Re: [gentoo-user] iptables blocks ssh

2005-06-13 Thread Norbert Kamenicky
Antonio Coralles wrote:
> gentoo-user@lists.gentoo.org wrote:
> 
> 
>>On Wed, 8 Jun 2005, Antonio Coralles wrote:
>>
>>
>>>I've recently turned my workstation into a router for my laptop, using
>>>the great gentoo home router guide. Everything is ok so far, with one
>>>exception: I can't connect to my ssh server anymore from outside the
>>>LAN, because iptables seems to prevent this, although I
>>># iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT .
>>
>>The ordering of the rules is important. Perhaps you can provide more
>>context by showing us the rules preceding the one above?
>>
> 
> Well, this is a hot tip. I think that the order in which I entered my
> iptables rules is the same as in
> 'http://www.gentoo.org/doc/en/home-router-howto.xml code Listing 5.3',
> with the exception that
> I entered '# iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT'
> after the nat rules. I'll try to reenter them in the correct order ...
> 
> Thanks,

> Antonio

iptables -A INPUT -p TCP --dport ssh -i eth1 -j ACCEPT

replace "eth1" with "eth0", or remove string "-i eth1"


noro

