Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have iptables working so far for my Web Server, DNS, HTTPS and Game Server. However setting it up for other services is getting to be problematic. First I tried to set up a ruleset for VSFTP. I never got it to work. Now I've decided to forego the ftp server and run SSHD.
In both cases I have tried to setup rudamentory rules for these services (FTP and SSH) in much the same way I did for my other services (HTTP, HTTPS, DNS). I expected at least the SSH server to require rules similar in construct to HTTP/TCP servers.
Here are my rules:
# Enable tcp server from port 22
iptables -A INPUT -i $IFACE -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --sport 22 -j ACCEPT
# Allow tcp client on port 22
iptables -A INPUT -i $IFACE -p tcp --sport 22 -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --dport 22 -j ACCEPT
These rules are similar to what I have for my web server as illustrated below:
# Allow internet browsing
iptables -A INPUT -i $IFACE -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
# Enable HTTP server
iptables -A INPUT -i $IFACE -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
Are they the only rules that you have got set? Because if not, maybe a rule further up the chain is blocking the connection before it get's to the SSH one's.
Also, what I would first try stopping iptables and see if you can connect to the SSH service without a firewall, just to make sure that is working.
I think you're making some unwarranted assumptions about the source ports. Your SSH server listens on port 22, but I don't think it has to respond on port 22. So your OUTPUT rules may be keeping you from establishing a connection. To be honest, I have very few rules on my OUTPUT chain other than allowing NEW, ESTABLISHED and RELATED traffic. I don't have any server specific rules.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
