[newbie] ipchains and ssh
Hello,

My first post on the newbie list...

I have been struggling for some time to get SSH to work on my Linux box (2.2.13-4mdk : Mandrake 6.1). I believe I finally have it up and running, because I am able to create a SSH connection from/to the machine itself. What I can't seem to manage is to make a SSH connection from an external machine (I work in DC, Linux box is at home in OH). I am trying using FiSSH and I repeatedly get "Failed to Connect to Host."

Now, I do have a firewall up, and it is a pretty basic one in order to provide IP-Masquerading (which works!), so I thought maybe my problem was simply that the firewall wasn't letting the connection to port 22. So, after extensive research I felt that what I needed to add was a couple rules to allow the connection in, and I tried to add something like this (and other similar variations):

    ipchains -A input -p tcp -s xxx.xxx.com -d yyy.yyy.yyy.yyy 22 -j ACCEPT
    ipchains -A output -p tcp -d xxx.xxx.com -d yyy.yyy.yyy.yyy 22 -j ACCEPT

But it isn't working - and I think my problem lies with xxx.xxx.com and yyy.yyy.yyy.yyy (the source and destination addresses).

1. I don't exactly know the source IP address for where I'm at, so is it acceptable to use xxx.xxx.com instead?
2. I have a variable IP - so how the heck do I populate yyy.yyy.yyy.yyy with my current IP address if I don't even know it?

For #2 - I've seen some people use $IPADDR which is all well and good, but I don't know how to populate that variable without simply hardcoding and that just presents the same problem again.

In addition, I typed in the ipchains commands (both above) at the command prompt and used what my IP address is currently and I still couldn't connect to it remotely via SSH. So now my entire solution has been undermined.

Any suggestions?

Thanks,
George
Re: [newbie] ipchains and ssh
At 08:11 AM 9/27/00 -0500, you wrote:
> Hello,
>
> My first post on the newbie list...
>
> I have been struggling for some time to get SSH to work on my Linux box (2.2.13-4mdk : Mandrake 6.1). I believe I finally have it up and running, because I am able to create a SSH connection from/to the machine itself. What I can't seem to manage is to make a SSH connection from an external machine (I work in DC, Linux box is at home in OH). I am trying using FiSSH and I repeatedly get "Failed to Connect to Host."
>
> Now, I do have a firewall up, and it is a pretty basic one in order to provide IP-Masquerading (which works!), so I thought maybe my problem was simply that the firewall wasn't letting the connection to port 22. So, after extensive research I felt that what I needed to add was a couple rules to allow the connection in, and I tried to add something like this (and other similar variations):
>
>     ipchains -A input -p tcp -s xxx.xxx.com -d yyy.yyy.yyy.yyy 22 -j ACCEPT
>     ipchains -A output -p tcp -d xxx.xxx.com -d yyy.yyy.yyy.yyy 22 -j ACCEPT
>
> But it isn't working - and I think my problem lies with xxx.xxx.com and yyy.yyy.yyy.yyy (the source and destination addresses).
>
> 1. I don't exactly know the source IP address for where I'm at, so is it acceptable to use xxx.xxx.com instead?
> 2. I have a variable IP - so how the heck do I populate yyy.yyy.yyy.yyy with my current IP address if I don't even know it?
>
> For #2 - I've seen some people use $IPADDR which is all well and good, but I don't know how to populate that variable without simply hardcoding and that just presents the same problem again.
>
> In addition, I typed in the ipchains commands (both above) at the command prompt and used what my IP address is currently and I still couldn't connect to it remotely via SSH. So now my entire solution has been undermined.
>
> Any suggestions?
>
> Thanks,
> George

I have the exact same setup as you do (almost) and ssh works from anywhere. I just did this

    ipchains -A input -p tcp -d xxx.xxx.xxx.xxx 22 -j ACCEPT

If you are really concerned about the source address, try using the ip address instead of the hostname/DNS name, because it may resolve to something unexpected. As you can see, in my example, I wasn't concerned with the source address. Only the destination address and port number.

Dan
Re: [newbie] ipchains and ssh
Dan,

I took out the source address and I'm still not able to connect. In your example, I assume you have a genuine IP address in place of xxx.xxx.xxx.xxx. Do you have a static IP then?

Of course, I'm also starting to wonder if I'm barking up the wrong tree here and maybe I have something else wrong elsewhere. Any generic ideas on what to check to make sure ssh works? And if I can get out the server here with telnet, I should be able to get out with ssh also, right?

Thanks,
George

"Daniel J. Ferris" [EMAIL PROTECTED] (Mailed by: [EMAIL PROTECTED])
09/28/2000 08:58 AM CST
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Re: [newbie] ipchains and ssh

> At 08:11 AM 9/27/00 -0500, you wrote:
> > Hello,
> >
> > My first post on the newbie list...
> >
> > I have been struggling for some time to get SSH to work on my Linux box (2.2.13-4mdk : Mandrake 6.1). I believe I finally have it up and running, because I am able to create a SSH connection from/to the machine itself. What I can't seem to manage is to make a SSH connection from an external machine (I work in DC, Linux box is at home in OH). I am trying using FiSSH and I repeatedly get "Failed to Connect to Host."
> >
> > Now, I do have a firewall up, and it is a pretty basic one in order to provide IP-Masquerading (which works!), so I thought maybe my problem was simply that the firewall wasn't letting the connection to port 22. So, after extensive research I felt that what I needed to add was a couple rules to allow the connection in, and I tried to add something like this (and other similar variations):
> >
> >     ipchains -A input -p tcp -s xxx.xxx.com -d yyy.yyy.yyy.yyy 22 -j ACCEPT
> >     ipchains -A output -p tcp -d xxx.xxx.com -d yyy.yyy.yyy.yyy 22 -j ACCEPT
> >
> > But it isn't working - and I think my problem lies with xxx.xxx.com and yyy.yyy.yyy.yyy (the source and destination addresses).
> >
> > 1. I don't exactly know the source IP address for where I'm at, so is it acceptable to use xxx.xxx.com instead?
> > 2. I have a variable IP - so how the heck do I populate yyy.yyy.yyy.yyy with my current IP address if I don't even know it?
> >
> > For #2 - I've seen some people use $IPADDR which is all well and good, but I don't know how to populate that variable without simply hardcoding and that just presents the same problem again.
> >
> > In addition, I typed in the ipchains commands (both above) at the command prompt and used what my IP address is currently and I still couldn't connect to it remotely via SSH. So now my entire solution has been undermined.
> >
> > Any suggestions?
> >
> > Thanks,
> > George
>
> I have the exact same setup as you do (almost) and ssh works from anywhere. I just did this
>
>     ipchains -A input -p tcp -d xxx.xxx.xxx.xxx 22 -j ACCEPT
>
> If you are really concerned about the source address, try using the ip address instead of the hostname/DNS name, because it may resolve to something unexpected. As you can see, in my example, I wasn't concerned with the source address. Only the destination address and port number.
>
> Dan
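
An added example, not part of the thread or written by any of its posters: one way to populate $IPADDR on a dynamic-IP box is to read the address from the interface when the firewall script runs, then build the port 22 rule from it. The interface name ppp0, the function names and the sample ifconfig text are assumptions; the output rule only matters if the output chain does not already accept traffic, and it matches replies by source port 22.

```shell
#!/bin/sh
# Added example: derive the address for $IPADDR from the interface itself
# instead of hardcoding it. Nothing here runs ipchains; the rules are only
# printed so they can be reviewed before being applied.

# Constructed sample of net-tools `ifconfig ppp0` output (documentation addresses).
SAMPLE_IFCONFIG='ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.7  P-t-P:198.51.100.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1'

# Read ifconfig output on stdin and print the first "inet addr:" value.
extract_inet_addr() {
    sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# Succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the accept rules for inbound SSH to address $1.
# Port 22 is the destination port on input and the source port on replies.
# Fails (and prints no rule) when the interface is down or the value is a
# hostname, so a bad lookup cannot turn into a malformed rule.
ssh_rules() {
    is_ipv4 "$1" || { echo "no usable address: '$1'" >&2; return 1; }
    echo "ipchains -A input -p tcp -d $1 22 -j ACCEPT"
    echo "ipchains -A output -p tcp -s $1 22 -j ACCEPT"
}

# On the real box (interface name is an assumption):
#   IPADDR=$(/sbin/ifconfig ppp0 | extract_inet_addr)
IPADDR=$(echo "$SAMPLE_IFCONFIG" | extract_inet_addr)
ssh_rules "$IPADDR"
```

Because the address changes with each connection, the rules have to be regenerated whenever the link comes back up, otherwise they keep pointing at the previous address.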