I can't SSH to my machine after setting up PPTP VPN
Hi all. I've been using ssh access to my Fedora 12 box for years without a hitch. Now I have decided to set up a lightweight VPN using PPTP for use with the iPhone's VPN client on 3G. This has worked flawlessly, but now I can't access the Fedora machine via ssh anymore. All worked fine until I executed this script with iptables rules for the VPN to work. So now I have a functional VPN, but SSH is broken. Any clues? This is the script I used:
# Default policy set to DROP first: anything not explicitly accepted below is dropped.
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# NAT for VPN clients leaving via eth0
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Forward traffic between the PPTP tunnels (ppp+) and eth0
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
# PPTP control channel (TCP 1723) and GRE data channel
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
# Replies to connections the box already has; note that no rule here accepts new SSH connections
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Persist the rules (overwrites the previously saved rule set) and list them
/sbin/service iptables save
/sbin/iptables -L -v
My setup: Fedora 12 Machine with single (eth0) NIC > IPTables > Telsey CPVA500 Router with NAT > Internet
There are no iptables rules to allow ssh. So add one. If 'this' is the Fedora 12 box you want to ssh to, then the rule would be something like this:
Command line rules
I have SSH server set up on port 6886, NAT on router and port 6886 open on Fedora's firewall GUI.
Before executing that script, I was able to connect to both SSH and VPN but not getting internet through the VPN. Should I use the command line above instead of Fedora's firewall GUI? I want to make sure it won't break internet access on my VPN.
Solved. I didn't notice the script above flushed all my iptables rules (stupid on my part).
Tomorrow I will be in front of the server, in order to correct the mess locally.
Also, it may be a good idea to try to use SNAT instead of MASQUERADE, which is reported as potentially insecure.
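Putting the thread's fix together, as an added example that is not a script from the thread: the SSH accept rule from the earlier reply is added before the INPUT DROP policy is set, the VPN rules are kept, SNAT replaces MASQUERADE as just suggested, and a pre-flight check refuses any rule set that would lock SSH out. It assumes sshd on 6886 and eth0 as in the thread; WAN_IP and VPN_NET are constructed placeholders for the box's eth0 address and the pptpd client range.

```shell
#!/bin/sh
# Fedora box, single NIC eth0, pptpd (TCP 1723 + GRE), sshd on 6886 as in the thread.
SSH_PORT="${SSH_PORT:-6886}"
WAN_IF="${WAN_IF:-eth0}"
WAN_IP="${WAN_IP:-192.0.2.10}"            # constructed placeholder: the real eth0 address
VPN_NET="${VPN_NET:-192.168.50.0/24}"     # constructed placeholder: pptpd remoteip range
IPT="${IPT:-/sbin/iptables}"

# Emit the rule set in the order it must be applied: flush, accept rules,
# and only then the DROP policy, so a re-run never drops SSH mid-way.
vpn_ssh_rules() {
    cat <<EOF
$IPT -F
$IPT -t nat -F
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i $WAN_IF -p tcp --dport $SSH_PORT -m state --state NEW -j ACCEPT
$IPT -A INPUT -i $WAN_IF -p tcp --dport 1723 -j ACCEPT
$IPT -A INPUT -i $WAN_IF -p gre -j ACCEPT
$IPT -A INPUT -p icmp -j ACCEPT
$IPT -A FORWARD -i ppp+ -o $WAN_IF -j ACCEPT
$IPT -A FORWARD -i $WAN_IF -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j SNAT --to-source $WAN_IP
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
EOF
}

# Lockout check: a rule set that sets INPUT DROP must also accept the SSH port.
# Returns 0 when safe, 1 when applying it would cut off new SSH sessions.
check_ssh_allowed() {
    rs="$1"
    printf '%s\n' "$rs" | grep -q -- "-P INPUT DROP" || return 0
    printf '%s\n' "$rs" | grep -q -- "--dport $SSH_PORT"
}

# apply_rules cat  -> preview;  apply_rules sh -> apply (run as root).
# Verify SSH from a second session before '/sbin/service iptables save'.
apply_rules() {
    rs="$(vpn_ssh_rules)"
    check_ssh_allowed "$rs" || { echo "refusing: SSH port $SSH_PORT not accepted" >&2; return 1; }
    printf '%s\n' "$rs" | "${1:-cat}"
}

case "${1:-}" in
    --apply)   apply_rules sh ;;
    --preview) apply_rules cat ;;
esac
```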
Thanks for the tip. All is working fine now: I'm posting this from my iPhone connected to vpn and ssh at the same time. Only one thing: Fedora 12 firewall gui sucks, I'm using iptables from command line from now on.
If you don't want to update so quickly, then use CentOS (it is Red Hat/Fedora with CentOS logos).