Allowing in SSH

"mike mike" <postmaster@netfort.net>
Fri, 18 Jan 2002 00:24:19 +0300


Hi,
if you'd like to have the box accept SSH on eth1 from inside, you need the INPUT
and OUTPUT chains, not FORWARD, in this case.
Try this rule:
$IPTABLES -A INPUT -i eth1 -p TCP -s $YOUR_IP_INSIDE --sport 1024:65535 -d $IPADDR_INT_LINUXBOX --dport 22 -j ACCEPT
$IPTABLES -A OUTPUT -o eth1 -p TCP -s $IPADDR_INT_LINUXBOX --sport 22 -d $YOUR_IP_INSIDE --dport 1024:65535 -j ACCEPT


Best regards
Mike

----- Original Message -----
From: "Gar Nelson" <Gar.Nelson@noaa.gov>
Cc: "netfilter" <netfilter@lists.samba.org>
Sent: Thursday, January 17, 2002 10:53 PM
Subject: Allowing in SSH


> Yes, I am just starting learning about iptables.
> Yes, I am reading howtos and articles, I'm just not absorbing all the good
> stuff yet.
>
> I have default policies of;
>
> $IPT -P INPUT DROP
> $IPT -P OUTPUT DROP
> $IPT -P FORWARD DROP
>
> I've got a rule working to allow anything from inside to be forwarded
> outside, but what I'm missing is to be able to get to the firewall box
> itself. It's this big black hole to anything trying to get to it
> specifically from either side.
>
> eth0 is outside and eth1 is inside.  I'd like to have the box accept SSH
> on eth1 so I can get in and read the logs. I don't need SSH access from eth0.
>
> My forward rule is;
> $IPT -A FORWARD -i eth1 -o eth0 -s 192.168.100.0/24 -j ACCEPT
>
> Anyone have the time to help out with a clue x four while I continue
> reading FAQs, HOWTOs, and Linux Journal articles?
>
>
>
>
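
The rule pair from the reply above, next to a connection-tracking variant, as an added example that is not part of the original thread. It goes one step beyond the reply by using the conntrack match; the interface name and the 192.168.100.0/24 network come from the thread, while ADMIN_IP and FW_INSIDE_IP are constructed sample addresses. By default it only prints the commands.

```shell
#!/bin/sh
# Dry run by default: each rule is printed, not installed.
# To install for real (as root): IPTABLES=/sbin/iptables sh this_script stateful
IPTABLES="${IPTABLES:-echo iptables}"

INSIDE_IF="eth1"                # inside interface, as in the thread
ADMIN_IP="192.168.100.10"       # constructed: host allowed to SSH in
FW_INSIDE_IP="192.168.100.1"    # constructed: firewall's own eth1 address

# Packets addressed to the firewall itself traverse INPUT, and its replies
# traverse OUTPUT. FORWARD only sees packets routed through the box, so the
# existing FORWARD rule never matches SSH to the firewall.

# Stateless pair (the approach in the reply): one rule per direction,
# matched on addresses and ports only.
ssh_rules_stateless() {
    $IPTABLES -A INPUT  -i "$INSIDE_IF" -p tcp -s "$ADMIN_IP" --sport 1024:65535 \
        -d "$FW_INSIDE_IP" --dport 22 -j ACCEPT
    $IPTABLES -A OUTPUT -o "$INSIDE_IF" -p tcp -s "$FW_INSIDE_IP" --sport 22 \
        -d "$ADMIN_IP" --dport 1024:65535 -j ACCEPT
}

# Stateful variant: the OUTPUT rule passes only packets that belong to a
# connection the INPUT rule already admitted, so the box cannot originate
# traffic from source port 22. On older kernels without the conntrack match,
# "-m state --state" takes the same state names.
ssh_rules_stateful() {
    $IPTABLES -A INPUT  -i "$INSIDE_IF" -p tcp -s "$ADMIN_IP" -d "$FW_INSIDE_IP" \
        --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    $IPTABLES -A OUTPUT -o "$INSIDE_IF" -p tcp -s "$FW_INSIDE_IP" --sport 22 \
        -d "$ADMIN_IP" -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# Choose the variant with the first argument; stateful is the default.
case "${1:-}" in
    stateless) ssh_rules_stateless ;;
    *)         ssh_rules_stateful ;;
esac
```

After installing either variant, `iptables -L INPUT -v -n` shows the packet counter on the SSH rule rising as the session is used, which confirms the traffic is hitting INPUT rather than FORWARD.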