SuSE firewall won't let me ssh to the box
Hi!
I know for sure that the SSH daemon is running. I tried flushing the iptables rules, but it didn't help. How can I turn the firewall off, so I can ssh to the box?
Turning the firewall off is not the solution. You should add a rule to the firewall which makes iptables let you ssh into the box. Something like this:
Code:
/sbin/iptables -A INPUT -p tcp -s $DESTINATION -d $SOURCE --dport $SSH_PORT -j ACCEPT

and make sure /etc/hosts.allow has
Code:
sshd : $DESTINATION

and you do not have the same in /etc/hosts.deny, where $DESTINATION is the IP you want to ssh from, $SOURCE is the IP of the machine you are trying to ssh to, and $SSH_PORT is the port number of SSH on the source, which by default is 22 but can be set to any other value.
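The hosts.allow / hosts.deny part of the advice above, as an added example that is not from this thread: a simplified reimplementation of the tcp_wrappers decision sshd applies, run against the two lines mentioned in the thread. It handles only a subset of the hosts_access(5) syntax (daemon names, client IPs, net/mask, trailing-dot prefixes, ALL, LOCAL, EXCEPT); the sample files are constructed.

```python
"""Simplified tcp_wrappers access check (added example, not the real libwrap).
Order is: first match in hosts.allow grants, then first match in hosts.deny
refuses, otherwise access is granted. Only a subset of hosts_access(5) syntax."""
import ipaddress


def _parse(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if ":" not in line:
            continue
        daemons, clients = (p.strip() for p in line.split(":", 1))
        rules.append((daemons, clients))
    return rules


def _match_client(pat, client_ip):
    """Match one client pattern against a numeric client address."""
    if pat == "ALL":
        return True
    if pat == "LOCAL":                 # LOCAL = hostname without a dot; a bare IP never matches
        return False
    if "/" in pat:                     # net/mask form, e.g. 192.168.2.0/255.255.255.0
        net, mask = pat.split("/", 1)
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(f"{net}/{mask}", strict=False)
    if pat.endswith("."):              # prefix form, e.g. 192.168.2.
        return client_ip.startswith(pat)
    return client_ip == pat


def _match_daemon(pat, daemon):
    return pat == "ALL" or pat == daemon


def _match_list(spec, value, matcher):
    """A list matches if any token matches, minus anything after EXCEPT."""
    if " EXCEPT " in spec:
        main, exc = spec.split(" EXCEPT ", 1)
        return _match_list(main, value, matcher) and not _match_list(exc, value, matcher)
    return any(matcher(tok, value) for tok in spec.replace(",", " ").split())


def tcpd_allows(daemon, client_ip, hosts_allow, hosts_deny):
    """True if tcp_wrappers would let `daemon` accept a connection from `client_ip`."""
    for daemons, clients in _parse(hosts_allow):
        if _match_list(daemons, daemon, _match_daemon) and _match_list(clients, client_ip, _match_client):
            return True
    for daemons, clients in _parse(hosts_deny):
        if _match_list(daemons, daemon, _match_daemon) and _match_list(clients, client_ip, _match_client):
            return False
    return True


# Constructed sample files mirroring the lines discussed in this thread.
HOSTS_ALLOW = "sshd : 192.168.2.8\n"
HOSTS_DENY = "http-rman : ALL EXCEPT LOCAL\n"
```

Note that with only the two lines from the thread, sshd is reachable from every address as far as tcp_wrappers is concerned, because nothing in hosts.deny covers sshd; adding `ALL : ALL` to hosts.deny is what turns hosts.allow into a whitelist.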
Hello,
I did everything you suggested:
a) I added "sshd : 192.168.2.8" to /etc/hosts.allow
b) I commented out "http-rman : ALL EXCEPT LOCAL" in /etc/hosts.deny
c) I executed the rule you suggested (only with /usr/sbin/iptables)
192.168.2.8 is my laptop, 182.168.2.6 is the SuSE box and 182.168.2.1 is my belkin router. The situation is still the same, Putty just returns an error: Network error - connection timed out. :\
I checked my rulelist (iptables -L) and this is what I see under Chain INPUT (policy DROP):
Code:
ACCEPT tcp -- 192.168.2.8 username tcp dpt:ssh
I managed to SSH into my box now by stopping the firewall by executing:
Code:
/sbin/SuSEfirewall stop

Any suggestions?
YAST -> Security & Users -> Firewall -> Allowed Services -> SSH.
Quote:
Click on the firewall icon of Yast, set ssh as allowed service. Could be too simple, dunno. That's what I do and it works. SuSE 9.3 and 10.0.
Thanks, but I'm working in text-mode here :)
Silly me! :)
I found the "Firewall configuration: Allowed services" section... but I am not able to choose SSH... I can only select Internal, External and Demilitarized zone (what's the difference?). I don't know which key to press to be able to select a service under Internal Zone (this sounds so lame :\)
In the text version of Yast you can select an item by hitting the ALT key and the yellow highlighted letter. So you hit ALT-S to get the selection list to find SSH and get it turned off.
The internal, external and DMZ are the zones that you may associate a particular zone with. You then need to indicate which services are allowed for which zone. If your computer is between two firewalls, running a public service like http, then you might want to use DMZ. If you are behind a NAT router and not having anything forwarded to your box, you might use "internal". By default, internal isn't protected by the firewall. Otherwise, you want to choose external. A computer that is hooked up directly to a modem and provides internet access for other computers on the LAN has 2 interfaces. One is external and the other is internal.
SSH uses port 22 by default. Some people change the default port because it is a well known target. If you are the only person to use SSH, then uncomment the "AllowUsers" line and add your user name to it. This will disable connection attempts using system usernames. Script kiddies have scripts that will try a number of passwords attacking the usernames of common system users, such as mail, video, mysql and root.