droidus
Posts: 264
Joined: Sat Feb 02, 2013 4:09 am

can't ssh

Thu Dec 18, 2014 3:21 am

I am not able to ssh after setting up iptables. Here are my rules:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [375:49880]
[0:0] -A INPUT -i lo -j ACCEPT
[1169:86976] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 6001 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 8081 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 10159 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 68 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 123 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 137 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 138 -j ACCEPT
[13:1872] -A INPUT -j DROP
COMMIT

knute
Posts: 550
Joined: Thu Oct 23, 2014 12:14 am
Location: Texas

Re: can't ssh

Thu Dec 18, 2014 4:13 am

I'm not an iptables expert and I don't use it anymore since ufw is so easy, but it looks to me like you don't allow any NEW connections.

pluggy
Posts: 3635
Joined: Thu May 31, 2012 3:52 pm
Location: Barnoldswick, Lancashire,UK

Re: can't ssh

Thu Dec 18, 2014 2:18 pm

Agreed, I use ufw to do the hard work with iptables. Way too easy to get iptables wrong. Its obscure syntax doesn't do it any favours.
Don't judge Linux by the Pi.......
I must not tread on too many sacred cows......

ripat
Posts: 191
Joined: Tue Jul 31, 2012 11:51 am
Location: Belgium

Re: can't ssh

Tue Dec 23, 2014 3:08 pm

The iptables rules posted above should accept an ssh connection. At least on port 22. Is your sshd listening on that port?

Post the result of:

$ sudo netstat -taupen | grep 'LISTEN.\+sshd'

Using Linux command line usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
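The two checks this thread turns on (does the INPUT chain admit a fresh SYN to the ssh port, and which port is sshd actually bound to) can be scripted against the raw iptables-save and netstat output. The script below is an added example, not code from any poster in the thread. It embeds the filter table posted above as sample input, plus a constructed `netstat -taupen` sample in which sshd is assumed to listen on tcp/2222 rather than 22, so the mismatch ripat asks about is what it reports. The chain walk is a simplified model: it interprets only `-i`, `-p`, `--dport`, `--ctstate` and `-j` for a packet that is not on lo and has conntrack state NEW; multiport, `!` negation and `-s`/`-d`/`--sport` matches are not modelled.

```shell
#!/bin/bash
# Added example (not from the thread): given an iptables-save dump and
# `netstat -taupen` output, decide whether the INPUT chain admits a new
# TCP connection to every port sshd is listening on.
#
# Packet model: arrives from the network (not lo), conntrack state NEW, any
# source. Only -i, -p, --dport, --ctstate and -j are interpreted; multiport,
# negation (!), -s/-d and --sport matches are not modelled (assumption).

# Sample input 1: the filter table posted in the thread (abridged to the
# rules that matter for the walk; the order is unchanged).
RULESET='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [375:49880]
[0:0] -A INPUT -i lo -j ACCEPT
[1169:86976] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[13:1872] -A INPUT -j DROP
COMMIT'

# Sample input 2: constructed `netstat -taupen` lines (not captured from the
# poster's machine) in which sshd listens on tcp/2222, not 22.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      0          9345       612/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          9501       701/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           0          7120       430/dhclient
tcp6       0      0 :::2222                 :::*                    LISTEN      0          9347       612/sshd'

# input_verdict_for_tcp_port PORT  < iptables-save dump
# Walks the filter table's INPUT chain top to bottom, the way the kernel does
# for a fresh SYN, and prints the first terminal verdict (ACCEPT/DROP/REJECT).
# If no rule matches before COMMIT, the chain policy is printed.
input_verdict_for_tcp_port() {
  awk -v port="$1" '
    /^\*/            { table = substr($0, 2); next }
    table != "filter" { next }
    /^:INPUT /       { policy = $2; next }
    /^COMMIT/        { exit }
    {
      i = 1
      if ($1 ~ /^\[/) i = 2              # skip the [pkts:bytes] counter field
      if ($i != "-A" || $(i + 1) != "INPUT") next
      proto = ""; dport = ""; state = ""; iface = ""; target = ""
      for (j = i + 2; j <= NF; j++) {
        if      ($j == "-p")        proto  = $(j + 1)
        else if ($j == "--dport")   dport  = $(j + 1)
        else if ($j == "--ctstate") state  = $(j + 1)
        else if ($j == "-i")        iface  = $(j + 1)
        else if ($j == "-j")        target = $(j + 1)
      }
      if (iface == "lo") next                      # we are not on loopback
      if (state != "" && state !~ /NEW/) next      # a fresh SYN is state NEW
      if (proto != "" && proto != "tcp") next
      if (dport != "" && dport != port) next
      if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
        verdict = target; exit
      }
    }
    END { print (verdict != "" ? verdict : policy) }
  '
}

# sshd_listen_ports  < netstat -taupen output
# Prints the distinct local ports of LISTEN sockets owned by sshd. Column 6 is
# State and the last column is PID/Program name in that output format.
sshd_listen_ports() {
  awk '$6 == "LISTEN" && $NF ~ /\/sshd$/ { n = split($4, a, ":"); print a[n] }' | sort -un
}

# ssh_reachable DUMP NETSTAT
# Returns 0 when every sshd listening port gets an ACCEPT verdict, 1 otherwise.
ssh_reachable() {
  local dump="$1" ns="$2" port verdict rc=0 found=0
  for port in $(printf '%s\n' "$ns" | sshd_listen_ports); do
    found=1
    verdict=$(printf '%s\n' "$dump" | input_verdict_for_tcp_port "$port")
    printf 'sshd listens on tcp/%s: INPUT verdict %s\n' "$port" "$verdict"
    [ "$verdict" = ACCEPT ] || rc=1
  done
  [ "$found" -eq 1 ] || { echo "no sshd LISTEN socket found"; rc=1; }
  return $rc
}

if ssh_reachable "$RULESET" "$NETSTAT_SAMPLE"; then
  echo "firewall admits new connections to every sshd port"
else
  echo "at least one sshd port is not admitted: check the rules or the Port line in sshd_config"
fi
```

On a real host, feed it `sudo iptables-save` and `sudo netstat -taupen` (or `ss -tlnp`, adjusting the column numbers in `sshd_listen_ports`) instead of the embedded samples. With the thread's ruleset the walk reports ACCEPT for tcp/22 and DROP for anything not listed, so a DROP result for the port sshd reports is the fastest confirmation that the daemon and the firewall disagree about the port.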