LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   I can't SSH to my machine after setting up PPTP VPN (http://www.linuxquestions.org/questions/linux-networking-3/i-can%27t-ssh-to-my-machine-after-setting-up-pptp-vpn-4175421585/)

Rothbardian_Tech 08-11-2012 12:34 PM

I can't SSH to my machine after setting up PPTP VPN
 
Hi all. I've been using ssh access to my Fedora 12 box for years without a hitch. Now I have decided to set up a lightweight VPN using PPTP for use with the iPhone's VPN client on 3G. This has worked flawlessly, but now I can't access the Fedora machine via ssh anymore. All worked fine until I executed this script with iptables rules for the VPN to work. So now I have a functional VPN, but SSH is broken. Any clues? This is the script I used:


iptables_set.sh:

#!/bin/bash
# Flush every rule in the filter table (including any existing rule that allowed ssh).
/sbin/iptables -F
# Default policies: drop unsolicited inbound traffic, allow all outbound.
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# NAT the VPN clients' traffic out of eth0.
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Forward traffic between the PPTP tunnels (ppp0, ppp1, ...) and eth0.
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
# Accept the PPTP control connection (TCP 1723) and the GRE tunnel that carries PPP.
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
# Accept ping, loopback, and replies to connections this host opened.
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Nothing above accepts sshd's port, so new ssh connections fall through to the INPUT DROP policy.
# Persist the rules across reboots and print the result.
/sbin/service iptables save
/sbin/iptables -L -v

My setup: Fedora 12 Machine with single (eth0) NIC > IPTables > Telsey CPVA500 Router with NAT > Internet

KinnowGrower 08-11-2012 01:00 PM

There are no iptables rules to allow ssh, so add one. If 'this' is the Fedora 12 box you want to ssh into, the rule would be something like this:
Code:

/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
If you want the rule to allow only a specific network, change it accordingly.

Rothbardian_Tech 08-11-2012 01:39 PM

Command line rules
 
I have the SSH server set up on port 6886, NAT on the router, and port 6886 open in Fedora's firewall GUI.
Before executing that script, I was able to connect to both SSH and VPN, but I was not getting internet through the VPN. Should I use the command line above instead of Fedora's firewall GUI? I want to make sure it won't break internet access on my VPN.

Rothbardian_Tech 08-11-2012 03:47 PM

Solved
 
Solved. I didn't notice that the script above flushed all my iptables rules (stupid on my part).
Tomorrow I will be in front of the server to correct the mess locally.

Celyr 08-12-2012 02:29 AM

Also, it may be a good idea to try to use SNAT instead of MASQUERADE, which is reported as potentially insecure.
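The two suggestions in this thread, KinnowGrower's missing ssh ACCEPT rule and Celyr's SNAT-instead-of-MASQUERADE tip, put together in one script. This is an added example, not the poster's iptables_set.sh and not anything from the Fedora project: it rebuilds the same PPTP ruleset, adds the one rule the original lacked (sshd's port, 6886 as stated later in the thread), lets you restrict that rule to a source network, and picks SNAT when a static WAN address is configured and MASQUERADE otherwise. It also goes slightly beyond the original by defaulting FORWARD to DROP, only allowing already-established traffic from eth0 back into the ppp+ tunnels, and flushing the nat table too (plain -F only flushes the filter table, so repeated runs of the original stack POSTROUTING rules). The interface name, port, example network 192.168.1.0/24 and placeholder address 203.0.113.5 are assumptions; the `--preview` mode prints the iptables invocations instead of running them, so you can read the ruleset before applying it as root.

```shell
#!/bin/bash
# Added example, not the script from the thread. It rebuilds the poster's PPTP
# ruleset with the one rule it lacked (sshd's port) and, as Celyr suggests, uses
# SNAT when the box has a static address and MASQUERADE otherwise.
# The defaults below are assumptions for illustration; adjust them to your host.
IPT="${IPT:-/sbin/iptables}"       # binary to run; --preview prints instead
WAN_IF="${WAN_IF:-eth0}"           # the single NIC facing the router
SSH_PORT="${SSH_PORT:-6886}"       # sshd port the poster mentions
SSH_FROM="${SSH_FROM:-0.0.0.0/0}"  # narrow to a management net, e.g. 192.168.1.0/24
WAN_ADDR="${WAN_ADDR:-}"           # static eth0 address -> SNAT; empty -> MASQUERADE

# Print the POSTROUTING NAT rule: SNAT to a fixed source address when one is
# given, otherwise MASQUERADE (which uses whatever address the interface has now).
nat_rule() {
    local ifc="$1" addr="$2"
    if [ -n "$addr" ]; then
        echo "-t nat -A POSTROUTING -o $ifc -j SNAT --to-source $addr"
    else
        echo "-t nat -A POSTROUTING -o $ifc -j MASQUERADE"
    fi
}

# Print the whole ruleset, one iptables argument list per line.
# -F only flushes the filter table, so the nat table is flushed explicitly;
# otherwise every run stacks another POSTROUTING rule.
build_rules() {
    local ifc="$1" port="$2" from="$3" addr="$4"
    cat <<EOF
-F
-t nat -F
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i $ifc -p tcp -s $from --dport $port -m state --state NEW -j ACCEPT
-A INPUT -i $ifc -p tcp --dport 1723 -j ACCEPT
-A INPUT -i $ifc -p gre -j ACCEPT
-A FORWARD -i ppp+ -o $ifc -j ACCEPT
-A FORWARD -i $ifc -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
$(nat_rule "$ifc" "$addr")
EOF
}

# Sanity check before applying: how many rules accept new connections to the
# ssh port? Zero is exactly the mistake the thread ran into.
ssh_rule_count() {
    build_rules "$@" | grep -c -- "--dport $2 -m state --state NEW"
}

# Feed each line of the ruleset to $IPT; refuse to touch the firewall at all
# if the result would lock ssh out.
apply_rules() {
    if [ "$(ssh_rule_count "$WAN_IF" "$SSH_PORT" "$SSH_FROM" "$WAN_ADDR")" -eq 0 ]; then
        echo "refusing to apply: no rule accepts ssh on port $SSH_PORT" >&2
        return 1
    fi
    build_rules "$WAN_IF" "$SSH_PORT" "$SSH_FROM" "$WAN_ADDR" | while IFS= read -r args; do
        # shellcheck disable=SC2086  # word splitting of $args is intended
        $IPT $args || return 1
    done
}

case "${1:-}" in
    --apply)   apply_rules && $IPT -L -v ;;
    --preview) IPT=echo; apply_rules ;;
    *)         echo "usage: $0 --preview | --apply (as root)" >&2 ;;
esac
```

Run `SSH_FROM=192.168.1.0/24 ./pptp_fw.sh --preview` to see the rules, then `--apply` as root and `service iptables save` if you want them persisted the way the original script did. SNAT needs the real static address of eth0; on a host that gets its address by DHCP, MASQUERADE is the correct choice because it follows the interface's current address. Keep in mind that this only reproduces the thread's firewall: PPTP's MS-CHAPv2 authentication is known to be breakable, so the tunnel itself should not be relied on for confidentiality.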

Rothbardian_Tech 08-12-2012 11:24 AM

Thanks for the tip. All is working fine now: I'm posting this from my iPhone, connected to the VPN and ssh at the same time. Only one thing: the Fedora 12 firewall GUI sucks; I'm using iptables from the command line from now on.

KinnowGrower 08-12-2012 12:23 PM

Quote:

Originally Posted by Rothbardian_Tech (Post 4752416)
Thanks for the tip. All is working fine now: I'm posting this from my iPhone, connected to the VPN and ssh at the same time. Only one thing: the Fedora 12 firewall GUI sucks; I'm using iptables from the command line from now on.

I would like to say: don't use too old a Fedora version. The reason is that the current version of Fedora is Fedora 17. You will get packages for Fedora 15 and Fedora 16 only from the Fedora repositories, not older than that. So when you try to install any new package on your Fedora 12 machine using #yum install kb3, it won't work. You have to update your whole machine on the spot.

If you don't want to update so quickly, then use CentOS (it is Red Hat/Fedora with CentOS logos).

