unable to connect to my linux router from internet using ssh
Can someone help me with my iptables config for my RH 9.0 Linux router? I am using it as a DHCP server/gateway/firewall. Everything works fine and I can connect to it from my local LAN using ssh; however, I can't connect to it from the internet using ssh.
I have added the following line to my firewall script to allow incoming ssh connections from the internet, but haven't had any luck yet.
There is nothing in the log files about the incoming connection from the internet.
Thank you very much for your helpful suggestion. I tried it and it worked great.
I have one more question for you, though: in my iptables --list output I see a number of the following entries.
ACCEPT all -- anywhere anywhere
My question is: don't these rules override the other security rules I am trying to put in place using iptables?
Please see the complete output from the "iptables --list" command below.
[root@linuxrouter root]# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT udp -- anywhere anywhere udp spt:ssh
ACCEPT tcp -- anywhere anywhere
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
udp -- anywhere anywhere udp dpt:ssh
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ssh state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- localhost.localdomain anywhere
ACCEPT all -- 192.168.1.10 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- localhost.localdomain anywhere
ACCEPT all -- 192.168.1.10 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- localhost.localdomain anywhere
ACCEPT all -- 192.168.1.10 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- localhost.localdomain anywhere
ACCEPT all -- 192.168.1.10 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- localhost.localdomain anywhere
ACCEPT all -- 192.168.1.10 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- localhost.localdomain anywhere
ACCEPT all -- 192.168.1.10 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- localhost.localdomain anywhere
ACCEPT all -- 192.168.1.10 anywhere
ACCEPT all -- anywhere anywhere
Too much output for me to look through it all, sorry :-/ iptables -L -n -v gives a much more readable format (I find).
iptables matches rules in the order they appear in, so if you have a chain where the first rule says deny everything and the second rule says accept everything, then only the first rule will be matched and everything will be denied. If you want to change the order, you need to drop everything then restore everything in order; look at man iptables-save and man iptables-restore. You may also find this place useful (http://www.linuxguruz.com/iptables/howto/).
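
Added example (not part of the thread or of any poster's firewall script): plain `iptables --list` omits the interface columns, so a rule limited to `-i lo` prints as "ACCEPT all -- anywhere anywhere", while `iptables-save` shows the full match. The sketch below applies the first-match ordering described above to `iptables-save` style input and flags repeated rules and rules that sit behind a truly unconditional one; the function names `audit_rules` and `sample_rules` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save style rules read from stdin.
#   DUP    = identical to an earlier rule in the same chain
#   SHADOW = follows an unconditional terminal rule, so it can never match
# An interface match (-i/-o) is a condition; plain `iptables --list` hides it.
audit_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        n[chain]++
        spec = $0
        sub(/^-A [^ ]+ /, "", spec)   # rule text without the "-A CHAIN " prefix
        key = chain SUBSEP spec
        if (catchall[chain])
            printf "SHADOW %s #%d (after #%d): %s\n", chain, n[chain], catchall[chain], spec
        else if (key in seen)
            printf "DUP %s #%d (same as #%d): %s\n", chain, n[chain], seen[key], spec
        else
            seen[key] = n[chain]
        # Unconditional terminal rule: nothing but a -j ACCEPT/DROP/REJECT target
        if (!catchall[chain] && spec ~ /^-j (ACCEPT|DROP|REJECT)$/)
            catchall[chain] = n[chain]
    }'
}

# Constructed sample, not the poster's real ruleset: the INPUT rules were
# appended twice, and FORWARD starts with a truly unconditional ACCEPT.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -s 192.168.1.0/24 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_rules
```

On a live system the same function can read the running ruleset with `iptables-save | audit_rules` (as root).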