Configure two servers to only communicate with each other via SSH?

dinopunch4000 · 02-25-2014, 06:18 PM

I have two servers, let's call them server1 and server2. I want to restrict them to only be able to communicate with each other via SSH.

I'm new to iptables, but I've written the following iptables rules on server1:

Code:

iptables -A INPUT -s server2 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s server2 -j DROP

This has the intended effect of only allowing server2 to connect to server1 over SSH, but it also has the unintended effect of preventing server1 from connecting to server2 at all. When I also do the reverse on server2, neither server can talk to the other.

Am I missing something here? Or is there perhaps a better way to do this than iptables?

szboardstretcher · 02-25-2014, 06:58 PM

You can also set their subnets to be /31, which is two hosts. I generally set up p2p routers with that kind of subnet.

http://www.cyberciti.biz/tips/linux-...allow-ssh.html

Your ssh iptables question is very very common. Please see this URL for a quick howto.

dinopunch4000 · 02-25-2014, 07:11 PM

That's not quite what I'm trying to do. I want to ensure that any communication that happens between server1 and server2 happens through SSH. I need to enable SSH communication, and only SSH communication between the two servers.

szboardstretcher · 02-25-2014, 07:19 PM

A quote from that page:

"This script is purely strict firewall. It only allows incoming ssh. No other incoming service or ping request or no outgoing service or request allowed."

which is what you said:

"I need to enable SSH communication, and only SSH communication between the two servers."

Am i not understanding something in your request?

dinopunch4000 · 02-25-2014, 07:25 PM

Oh, okay. Sorry, I must have missed the link in your first post. I'll try it out. Thanks for your help.