firewall rule to let ssh access the server??

Post by Dan Man » Sun, 15 Jul 2001 03:48:40



Hi.... still have problem to connect to my computer remotely with ssh...

SSH connection to my computer is not possible when the firewall is up.

The rules are as simple as can be: output and forward chains are set to
accept all. And here is the input one:

iptables -A INPUT -i $IFACE -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -i $IFACE -p tcp --sport 22  -j ACCEPT

Does anyone have an idea about the reason the connection is blocked by
the firewall...?

Thanks...

 
 
 

Post by lbudney-use.. » Sun, 15 Jul 2001 06:33:40



> Hi.... still have problem to connect to my computer remotely with ssh...

> iptables -A INPUT -i $IFACE -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

> iptables -A INPUT -i $IFACE -p tcp --sport 22  -j ACCEPT

Shouldn't INPUT be OUTPUT in your second rule?

--Len.

--
I was the villain?  Well corn my pone.
                                -- Phrack Magazine

 
 
 

Post by Norm » Sun, 15 Jul 2001 14:28:33



> Hi.... still have problem to connect to my computer remotely with ssh...

> SSH connection to my computer is not possible when the firewall is up.

> The rules are as simple as can be: output and forward chains are set to
> accept all. And here is the input one:

> iptables -A INPUT -i $IFACE -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

> iptables -A INPUT -i $IFACE -p tcp --sport 22  -j ACCEPT

> Does anyone have an idea about the reason the connection is blocked by
> the firewall...?

> Thanks...

You also need a -o on the interface for the OUTPUT rule.

You're welcome,

Norm.
--
I have watched kids testifying before Congress. It is clear that they
are completely unaware of the seriousness of their acts. There is
obviously a cultural gap. The act of breaking into a computer system
has to have the same social stigma as breaking into a neighbor's house.
It should not matter that the neighbor's door is unlocked. The press
must learn that misguided use of a computer is no more amazing than
drunk driving of an automobile.

Ken Thompson Sept. 1995 ACM



 
 
 

Post by Andreas » Sun, 15 Jul 2001 18:20:45


Hmmm.

> iptables -A INPUT -i $IFACE -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

Is there a special reason you're using "-m state"? I didn't know the command until now. I just leave
port 22 fully open (--dport 22 -j ACCEPT) and it works just fine. I don't think that it really
makes sense to give the "-m" option here at all.

greets

 
 
 

Post by Dan Man » Tue, 17 Jul 2001 22:21:50


I've already tried
iptables -A -i $INPUT -p tcp --dport 22 -j ACCEPT
iptables -A -i $INPUT -p tcp --sport 22 -j ACCEPT
...but the result was the same. And the OUTPUT chain is set to ACCEPT
everything... so the problem is not there, I think.

Thanks anyway for all your suggestions..

 
 
 

Post by lbudney-use.. » Thu, 19 Jul 2001 00:02:49



> Thanks anyway for all your suggestions..

It would help if you'd actually tell us a little more. Are those three rules
*all* of your firewall rules? SSH connects from privileged ports between
512 and 1024, so if you are blocking privileged ports by a prior rule, that
would do it.

--Len.

--
When you talk about every use of a person's name as ``ad hominem''
you simply make yourself sound illiterate.
                                -- Dan Bernstein
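
The "prior rule" question raised in the post above, as an added example that is not part of the thread: `iptables -A` appends, and the first rule with a terminating target decides the packet, so a DROP placed before the port-22 ACCEPT wins. The script walks a constructed `iptables -S INPUT` listing; `first_match` and `SAMPLE_RULES` are hypothetical names, and only protocol and port matches are modelled.

```shell
#!/bin/sh
# Added example: report which INPUT rule first decides a TCP packet.
# Simplified model (assumption): only -p, --sport, --dport and -j are read;
# interface, state, address and negated (!) matches are not evaluated.

# Constructed listing in `iptables -S INPUT` format, not taken from the thread.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -p tcp -m tcp --sport 512:1023 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT'

# first_match SPORT DPORT   (rules on stdin)
# Prints "rule <n> <target>" for the first deciding rule, else "policy <target>".
first_match() {
    awk -v sport="$1" -v dport="$2" '
    function in_range(port, spec,    p, n, lo, hi) {
        n = split(spec, p, ":")
        lo = p[1] + 0
        hi = (n == 1) ? lo : (p[2] == "" ? 65535 : p[2] + 0)
        return port >= lo && port <= hi
    }
    $1 == "-P" { policy = $3; next }
    $1 == "-A" {
        idx++
        proto = "all"; sp = ""; dp = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--sport") sp = $(i + 1)
            else if ($i == "--dport") dp = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (proto != "tcp" && proto != "all") next
        if (sp != "" && !in_range(sport + 0, sp)) next
        if (dp != "" && !in_range(dport + 0, dp)) next
        # Only terminating targets end the walk; LOG and similar fall through.
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            print "rule " idx " " target
            found = 1
            exit
        }
    }
    END { if (!found) print "policy " policy }'
}

# Client source port inside the blocked range vs. an ephemeral one.
printf '%s\n' "$SAMPLE_RULES" | first_match 1000 22
printf '%s\n' "$SAMPLE_RULES" | first_match 40000 22
```

On a live host the input would be the output of `iptables -S INPUT` instead of the sample listing.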

 
 
 
