can't ssh

[droidus]

I am not able to ssh after setting up iptables. Here are my rules:

Code: Select all

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [375:49880]
[0:0] -A INPUT -i lo -j ACCEPT
[1169:86976] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 6001 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 8081 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 10159 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 68 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 123 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 137 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 138 -j ACCEPT
[13:1872] -A INPUT -j DROP
COMMIT

[knute]

I'm not an iptables expert and I don't use it anymore since ufw is so easy but it looks to me like you don't allow any NEW connections.

[pluggy]

Agreed, I use ufw to do the hard work with iptables. Way too easy to get iptables wrong. Its obscure syntax doesn't do it any favours.

[ripat]

The iptables rules posted above should accept a ssh connection. At least on port 22. Is your sshd listening on that port?

Post the result of:

Code: Select all

$ sudo netstat -taupen | grep 'LISTEN.\+sshd'