
centOS – ssh fail iptables

Service providers driving me crazy? Well, in the end they can't, because I understand what I am doing. On a Cisco or any other router there are two interfaces, WAN and LAN: the LAN side we trust, the WAN side we don't, and service providers misuse that, counting on nobody looking deeply.

1. Checking the open ports of my router against a localhost scan. My iptables rules are fine, I am 100% sure; the service provider should now check their router settings.

WAN

[root@www etc]# nmap 91.xx.xx.xx

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2010-02-08 20:59 CET
Interesting ports on xxxx.adsl-static.isp.belgacom.be (x):
Not shown: 1673 filtered ports
PORT    STATE  SERVICE
21/tcp  closed ftp
22/tcp  open   ssh
25/tcp  closed smtp
80/tcp  closed http
110/tcp closed pop3
143/tcp closed imap
443/tcp closed https

Nmap finished: 1 IP address (1 host up) scanned in 19.314 seconds

LAN

[root@www etc]# nmap localhost

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2010-02-08 21:01 CET
Interesting ports on www..be (127.0.0.1):
Not shown: 1674 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
23/tcp  open  telnet
25/tcp  open  smtp
111/tcp open  rpcbind
631/tcp open  ipp
955/tcp open  unknown

Nmap finished: 1 IP address (1 host up) scanned in 0.061 seconds
[root@www etc]#
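The WAN-versus-localhost comparison above can be automated. The following shell script is an added example, not part of the original post: it parses the text of two nmap scans of the same host (the scan texts are constructed inline to mirror the outputs above) and reports which open services are exposed on the WAN side and which answer only on localhost. The function names and the sample scan texts are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): parse two nmap scans of the
# same host, one from the WAN side and one against localhost, and list which
# open services are visible externally and which only exist behind the
# firewall. Both scan texts are constructed to mirror the outputs in the post.

WAN_SCAN='PORT    STATE  SERVICE
21/tcp  closed ftp
22/tcp  open   ssh
25/tcp  closed smtp
80/tcp  closed http
110/tcp closed pop3
143/tcp closed imap
443/tcp closed https'

LAN_SCAN='PORT    STATE SERVICE
22/tcp  open  ssh
23/tcp  open  telnet
25/tcp  open  smtp
111/tcp open  rpcbind
631/tcp open  ipp
955/tcp open  unknown'

# open_ports: read nmap text on stdin, print the port/proto of every line
# whose STATE column is "open", one per line, in numeric port order.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1 }' | sort -t/ -k1,1n
}

# ports_only_in A B: lines of list A that do not appear in list B
# (both are newline-separated strings).
ports_only_in() {
    if [ -z "$2" ]; then
        printf '%s\n' "$1"
    else
        # -F fixed strings, -x whole line, -e with a multi-line pattern list
        printf '%s\n' "$1" | grep -vxF -e "$2" || true
    fi
}

wan_open() { printf '%s' "$WAN_SCAN" | open_ports; }
lan_open() { printf '%s' "$LAN_SCAN" | open_ports; }

# Services reachable from the Internet: the ones both the host firewall and
# the provider's router let through.
exposed() { wan_open; }

# Services that only answer on localhost: filtered somewhere upstream, or
# bound to 127.0.0.1. A localhost scan never exercises the INPUT rules for
# eth0, because the lo interface is accepted unconditionally.
lan_only() { ports_only_in "$(lan_open)" "$(wan_open)"; }

report() {
    echo "Exposed on WAN:";     exposed  | sed 's/^/  /'
    echo "Open on LAN only:";   lan_only | sed 's/^/  /'
}

report
```

With the two scans from the post, `report` lists 22/tcp as exposed and 23, 25, 111, 631 and 955/tcp as open on localhost only. The WAN list is the one that reflects the firewall and the provider's router together; the localhost list only shows what is listening.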

2. I am damn sure SSH, including SSH from a static WAN address, is allowed into my box

[root@www etc]#

# Set a permissive policy first so flushing the chain does not lock out the current session
iptables -P INPUT ACCEPT

# Fresh start
iptables -F
# Allow loopback, everything arriving on eth0, and established connections (needed e.g. for yum)
iptables -A INPUT -i lo -j ACCEPT
# NOTE: this rule accepts every packet arriving on eth0; if eth0 is the WAN-facing
# interface, the SSH rules below and the DROP policy never apply to eth0 traffic
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Tighter variant (commented out): only from the static address aa.bb.aa.bb to this box's address xx.yy.xx.yy
#iptables -A INPUT -s aa.bb.aa.bb -d xx.yy.xx.yy -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -d xx.yy.xx.yy -p tcp -m tcp --dport 22 -j ACCEPT

# other: default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# show
iptables -L -v

# persist the rules to /etc/sysconfig/iptables (the original line read "/sbin/iptables/service iptables save")
service iptables save
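Rule order matters in the script above: `iptables -A INPUT -i eth0 -j ACCEPT` sits before the SSH rules, so for packets arriving on eth0 the later rules and the DROP policy are never consulted. The script below is an added example, not the post's own, that rebuilds the same policy so that only the static-address SSH rule (the commented-out variant above) opens the box from the WAN, adds a rate-limited LOG rule for dropped traffic, and has a dry-run mode that prints the rules for review before they are applied. The interface name eth0, the address placeholders xx.yy.xx.yy and aa.bb.aa.bb, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the post's own script: the INPUT policy rebuilt so that
# only the intended service is reachable from the WAN, with a dry-run switch
# so the rule set can be reviewed before it is applied. Interface name, WAN
# address and admin source address are assumptions, shown as placeholders.

WAN_IF=${WAN_IF:-eth0}               # assumed: eth0 faces the provider
WAN_IP=${WAN_IP:-xx.yy.xx.yy}         # placeholder address of this box, as in the post
ADMIN_SRC=${ADMIN_SRC:-aa.bb.aa.bb}   # placeholder static address allowed to ssh in
DRY_RUN=${DRY_RUN:-1}                 # 1 = print the commands, 0 = execute them

# ipt: run (or, in dry-run mode, print) one iptables command.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# build_rules: emit the complete rule set in order. A blanket
# "-A INPUT -i eth0 -j ACCEPT" placed early would match every WAN packet
# before the SSH rule or the DROP policy ever saw it, so the only
# interface-wide accept kept here is for loopback.
build_rules() {
    ipt -P INPUT ACCEPT            # keep access while the chain is flushed
    ipt -F
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # SSH only from the admin's static address, to the box's WAN address
    ipt -A INPUT -i "$WAN_IF" -s "$ADMIN_SRC" -d "$WAN_IP" -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
    # anything that reaches this point is logged (rate-limited) and then dropped by policy
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
}

# has_blanket_accept: prints 1 if the emitted rules contain an
# interface-wide ACCEPT on the WAN interface (the weak rule), 0 otherwise.
# Useful as a pre-apply check on any rule script.
has_blanket_accept() {
    if build_rules | grep -q -- "-A INPUT -i $WAN_IF -j ACCEPT"; then
        echo 1
    else
        echo 0
    fi
}

build_rules
[ "$DRY_RUN" = 1 ] || service iptables save   # persist, as the post does
```

Run it as-is to review the rule list; run it with `DRY_RUN=0` (and real values for `WAN_IP` and `ADMIN_SRC`) to apply and save it. With this ordering, a WAN scan of the box shows 22/tcp only from the admin address, and every other probe from the WAN is logged and dropped.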

[root@www etc]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Mon Feb  8 20:17:31 2010
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [368:37026]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Feb  8 20:17:31 2010

Categories: centOS, Fedora 12