LinuxQuestions.org

SUSE / openSUSE forum: SuSE firewall won't let me ssh to the box (https://www.linuxquestions.org/questions/suse-opensuse-60/suse-firewall-wont-let-me-ssh-to-the-box-462045/)

ilhbutshm 07-08-2006 06:45 AM

SuSE firewall won't let me ssh to the box
 
Hi!

I know for sure that the SSH daemon is running. I tried flushing the iptables rules, but it didn't help. How can I turn the firewall off, so I can ssh to the box?

prozac 07-08-2006 06:57 AM

Turning the firewall off is not the solution. You should add a rule to the firewall which makes iptables let you ssh into the box. Something like this:
Code:

/sbin/iptables -A INPUT -p tcp -s $DESTINATION -d $SOURCE --dport $SSH_PORT -j ACCEPT
Make sure you have an entry like this in your /etc/hosts.allow file:
sshd : $DESTINATION

and you do not have the same in /etc/hosts.deny,

where $DESTINATION is the IP you want to ssh from, $SOURCE is the IP of the machine you are trying to ssh to, and $SSH_PORT is the port number of SSH on the source, which by default is 22 but can be set to any other value.
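
Two things worth checking behind this advice, shown in an added example that is not part of the thread or of SuSEfirewall: first, `iptables -A` appends, so if the firewall script has already finished the INPUT chain with a LOG and a DROP (the tail SuSEfirewall2 generates, as I recall it), an appended ACCEPT is never reached and the rule has to go in with `iptables -I INPUT 1 ...` instead; second, once the packet is through, sshd still consults /etc/hosts.allow and then /etc/hosts.deny, provided it is linked against libwrap (`ldd $(which sshd) | grep wrap` tells you). The Python below models both decisions over a constructed `iptables -S` dump and constructed wrapper files. The chain layout, the addresses and the file contents are assumptions for illustration, and the firewall rule admits the whole 192.168.2.0/24 rather than one host so that the second layer is visible.

```python
import ipaddress

# Constructed data, not from the thread.  The dump imitates the shape a
# distribution firewall script gives INPUT: a jump into a per-zone user
# chain, then LOG, then DROP.  Lines are in `iptables -S` format.
POLICY_LINES = "-P INPUT DROP\n-N input_ext\n"
TAIL_LINES = ("-A INPUT -j input_ext\n"
              "-A INPUT -j LOG --log-prefix SFW2-IN-ILL-TARGET\n"
              "-A INPUT -j DROP\n")
SSH_RULE = "-A INPUT -s 192.168.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT\n"
APPENDED = POLICY_LINES + TAIL_LINES + SSH_RULE  # after `iptables -A INPUT ...`
INSERTED = POLICY_LINES + SSH_RULE + TAIL_LINES  # after `iptables -I INPUT 1 ...`
HOSTS_ALLOW = "sshd : 192.168.2.8\n"
HOSTS_DENY = "# http-rman : ALL EXCEPT LOCAL\nsshd : ALL\n"

def parse_rule(line):
    """One `-A` line -> the matches this model understands; -m, --log-prefix
    and anything else are skipped."""
    toks = line.split()
    rule = {}
    for opt, key in (("-A", "chain"), ("-s", "src"), ("-p", "proto"),
                     ("--dport", "dport"), ("-j", "target")):
        rule[key] = toks[toks.index(opt) + 1] if opt in toks else None
    if rule["src"]:
        rule["src"] = ipaddress.ip_network(rule["src"], strict=False)
    if rule["dport"]:
        rule["dport"] = int(rule["dport"])
    return rule

def load_ruleset(dump):
    """Split an `iptables -S` dump into {chain: policy} and {chain: [rules]}."""
    policies, chains = {}, {}
    for line in dump.strip().splitlines():
        toks = line.split()
        if toks[0] == "-P":
            policies[toks[1]] = toks[2]
        if toks[0] in ("-P", "-N"):
            chains.setdefault(toks[1], [])
        elif toks[0] == "-A":
            rule = parse_rule(line)
            chains.setdefault(rule["chain"], []).append(rule)
    return policies, chains

def rule_matches(rule, src, proto, dport):
    return ((rule["src"] is None or ipaddress.ip_address(src) in rule["src"])
            and rule["proto"] in (None, proto) and rule["dport"] in (None, dport))

def verdict(policies, chains, chain, src, proto, dport):
    """Netfilter order: top to bottom, first terminal target wins; LOG is not
    terminal; a user chain that falls through or RETURNs goes back to its
    caller; a built-in chain that falls through applies its policy."""
    for rule in chains.get(chain, []):
        if not rule_matches(rule, src, proto, dport):
            continue
        target = rule["target"]
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        if target == "RETURN":
            break
        if target in chains:  # jump into a user-defined chain
            sub = verdict(policies, chains, target, src, proto, dport)
            if sub is not None:
                return sub
    return policies.get(chain)  # None for user chains

def wrappers_allow(hosts_allow, hosts_deny, daemon, client):
    """Simplified hosts_access(5): grant on the first match in hosts.allow,
    refuse on the first match in hosts.deny, otherwise grant.  Handles ALL,
    LOCAL, exact IPv4 addresses, 'prefix.' patterns and EXCEPT only."""
    def token_matches(pattern, value):
        if pattern == "ALL":
            return True
        if pattern == "LOCAL":
            return "." not in value  # a hostname without a dot; never an IP
        if pattern.endswith("."):
            return value.startswith(pattern)  # "192.168.2." covers the /24
        return pattern == value
    def list_matches(tokens, value):
        if "EXCEPT" in tokens:
            k = tokens.index("EXCEPT")
            return list_matches(tokens[:k], value) and not list_matches(tokens[k + 1:], value)
        return any(token_matches(t, value) for t in tokens)
    def file_matches(text):
        for line in text.splitlines():
            fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
            if len(fields) >= 2 and list_matches(fields[0].split(), daemon) \
                    and list_matches(fields[1].split(), client):
                return True
        return False
    if file_matches(hosts_allow):
        return True
    return not file_matches(hosts_deny)

def ssh_reaches_sshd(dump, hosts_allow, hosts_deny, client, port=22):
    """Both layers, in the order the kernel and then sshd apply them."""
    policies, chains = load_ruleset(dump)
    if verdict(policies, chains, "INPUT", client, "tcp", port) != "ACCEPT":
        return "blocked by iptables"
    if not wrappers_allow(hosts_allow, hosts_deny, "sshd", client):
        return "refused by tcp_wrappers"
    return "reaches sshd"
```

With these inputs, `ssh_reaches_sshd(APPENDED, HOSTS_ALLOW, HOSTS_DENY, "192.168.2.8")` reports the packet blocked by iptables although an ACCEPT for it exists, while the INSERTED ruleset lets 192.168.2.8 through and 192.168.2.9 is then refused by the wrapper files. On a real box the equivalent checks are `iptables -S INPUT` (to see where your rule landed) and `tcpdmatch sshd 192.168.2.8`.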

ilhbutshm 07-08-2006 07:33 AM

Hello,
I did everything you suggested:

a) I added "sshd : 192.168.2.8" to /etc/hosts.allow
b) I commented "http-rman : ALL EXCEPT LOCAL" in /etc/hosts.deny
c) I executed the rule you suggested (only with /usr/sbin/iptables)

192.168.2.8 is my laptop, 182.168.2.6 is the SuSE box and 182.168.2.1 is my belkin router.

The situation is still the same, Putty just returns an error: Network error - connection timed out. :\

ilhbutshm 07-08-2006 07:43 AM

I checked my rulelist (iptables -L) and this is what I see under Chain INPUT (policy DROP):
Code:

ACCEPT tcp -- 192.168.2.8  username  tcp dpt:ssh
Is this correct?

ilhbutshm 07-08-2006 08:01 AM

I managed to SSH into my box now by stopping the firewall by executing:
Code:

/sbin/SuSEfirewall stop
But I still need to 'repair' iptables so it will let me in even when the firewall is on.

Any suggestions?

reddazz 07-08-2006 08:15 AM

YAST -> Security & Users -> Firewall -> Allowed Services -> SSH.
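
That YaST menu path writes its result into /etc/sysconfig/SuSEfirewall2, so on a text-only box the same change can be made by editing that file and restarting the firewall. As an added example (not from the thread and not SuSEfirewall's own code), the Python below adds a service to the list of TCP ports open in the external zone. It assumes the variable is FW_SERVICES_EXT_TCP, which is how I recall the file; verify the name against the comments in your own copy. The sample fragment is constructed, not copied from the real file. One nuance the code handles: the file is sourced by a shell script, so if the variable is assigned twice the last assignment wins, and the commented-out `#FW_SERVICES_EXT_TCP="ssh"` line that the file ships with must stay ignored.

```python
import re
import shlex

VAR = "FW_SERVICES_EXT_TCP"  # assumed variable name; check the file's own comments
ASSIGN = re.compile(r"^\s*" + VAR + r"=(.*)$")

# Constructed fragment in the style of /etc/sysconfig/SuSEfirewall2.
SAMPLE_SYSCONFIG = """\
## Type:        string
## Default:     ""
#
# Which TCP services should be accessible from the external zone?
# Space separated list of port names or numbers.
#FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP=""
"""

def current_services(text):
    """The value the firewall script sees after sourcing the file: the LAST
    uncommented assignment wins.  Shell quoting and a trailing comment are
    stripped with shlex, so '"ssh http" # note' yields ['ssh', 'http']."""
    value = ""
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            value = m.group(1)
    return " ".join(shlex.split(value, comments=True)).split()

def allow_service(text, service="ssh"):
    """Return the file text with SERVICE added to VAR.  Idempotent: rewrites
    the assignment that wins, or appends one if the file has none."""
    services = current_services(text)
    if service in services:
        return text
    services.append(service)
    new_line = '%s="%s"' % (VAR, " ".join(services))
    lines = text.splitlines()
    hits = [i for i, line in enumerate(lines) if ASSIGN.match(line)]
    if hits:
        lines[hits[-1]] = new_line
    else:
        lines.append(new_line)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:  # e.g. python fw_allow_ssh.py /etc/sysconfig/SuSEfirewall2
        with open(sys.argv[1]) as f:
            updated = allow_service(f.read())
        with open(sys.argv[1], "w") as f:
            f.write(updated)
    else:
        print(allow_service(SAMPLE_SYSCONFIG))
```

After editing the real file, restart the firewall with its init script (`rcSuSEfirewall2 restart` on the SuSE releases of that time). Since SuSEfirewall2 rebuilds the whole rule set from this file whenever it starts, a rule added by hand with `iptables` is lost at that point; putting the service in the sysconfig file is what survives a restart. Opening ssh in the external zone exposes it to everything reachable on that interface, so keep the AllowUsers and port advice from later in the thread in mind.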

carcassonne 07-08-2006 10:11 AM

Quote:

Originally Posted by ilhbutshm
I know for sure that SSH deamon is running. I tried flushing the iptables rules, but it didn't help. How can I turn the firewall off, so I can ssh to the box?

I'm surely missing something here, so don't pay too much attention.

Click on the firewall icon of Yast, set ssh as allowed service. Could be too simple, dunno. That's what I do and it works. SuSE 9.3 and 10.0.

ilhbutshm 07-08-2006 11:17 AM

Thanks, but I'm working in text-mode here :)

reddazz 07-08-2006 02:44 PM

Quote:

Originally Posted by ilhbutshm
Thanks, but I'm working in text-mode here :)

YAST has a text only interface that runs if you are not in a GUI or did not install the GUI version.

ilhbutshm 07-08-2006 05:09 PM

Silly me! :)

I found the "Firewall configuration: Allowed services" section.. but I am not able to choose SSH... I can only select Internal, External and Demilitarized zone (what's the difference?)

I don't know which key to press to be able to select a service under Internal Zone (this sounds so lame :\)

reddazz 07-08-2006 06:32 PM

Quote:

Originally Posted by ilhbutshm
Silly me! :)

I found the "Firewall configuration: Allowed services" section.. but I am not able to choose SSH... I can only select Internal, External and Demilitarized zone (what's the difference?)

I don't know which key to press to be able to select a service under Internal Zone (this sounds so lame :\)

External Zone should be already selected for you. Press tab until you get to Service To Allow and then press the down arrow key. A list of services will be shown and you can press enter to choose the one you wish.

nlinecomputers 07-08-2006 09:37 PM

In the text version of Yast you can select an item by hitting the ALT key and the yellow highlighted letter. So you hit ALT-S to get the selection list to find SSH and get it turned off.

jschiwal 07-08-2006 09:49 PM

The internal, external and DMZ are the zones that you may associate a particular zone with. You then need to indicate which services are allowed for which zone. If your computer is between two firewalls, running a public service like http, then you might want to use DMZ. If you are behind a NAT router and not having anything forwarded to your box, you might use "internal". By default, internal isn't protected by the firewall. Otherwise, you want to choose external. A computer that is hooked up directly to a modem and provides internet access for other computers on the LAN has 2 interfaces. One is external and the other is internal.

SSH uses port 22 by default. Some people change the default port because it is a well known target. If you are the only person to use SSH, then uncomment the "AllowUsers" line and add your user name to it. This will disable connection attempts using system usernames. Script kiddies have scripts that will try a number of passwords attacking the usernames of common system users, such as mail, video, mysql and root.
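
To make the AllowUsers advice concrete, here is an added example that is not from the thread and not OpenSSH's own code. It evaluates a constructed sshd_config fragment the way sshd reads it: blank lines and lines starting with `#` are comments, keywords are case-insensitive, and for each keyword the first value obtained is the one used (sshd_config(5)), which is why you edit the existing AllowUsers line rather than append a second one. The access decision follows sshd's order, DenyUsers before AllowUsers, with sshd's `*` and `?` wildcards; user@host patterns, the group lists and Match blocks are left out as a simplification, and PermitRootLogin is assumed to default to "yes" as it did on releases of that era.

```python
import fnmatch

# Constructed sshd_config fragment, not from the thread.
SAMPLE_SSHD_CONFIG = """\
# Port and access control for a box administered only by alice
Port 2222
#Port 22
PermitRootLogin no
AllowUsers alice bob
# A second AllowUsers line is silently ignored: sshd keeps the first value
AllowUsers mallory
DenyUsers bob
"""

def parse_sshd_config(text):
    """Return {keyword_lower: [values]}.  Skips blank and '#' lines, accepts
    'Key value' and 'Key=value', and keeps only the FIRST occurrence of each
    keyword, as sshd_config(5) specifies."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, rest = line.partition("=")
        if sep and " " not in key.strip():  # 'Key=value' or 'Key = value'
            parts = [key.strip()] + rest.split()
        else:
            parts = line.split()
        conf.setdefault(parts[0].lower(), parts[1:])  # first value wins
    return conf

def user_allowed(conf, user):
    """sshd's per-user checks in its order: DenyUsers first, then AllowUsers
    (when present, the user must match one of its patterns), then
    PermitRootLogin for root."""
    def listed(key):
        return any(fnmatch.fnmatchcase(user, pat) for pat in conf.get(key, []))
    if listed("denyusers"):
        return False
    if "allowusers" in conf and not listed("allowusers"):
        return False
    if user == "root" and conf.get("permitrootlogin", ["yes"])[0].lower() == "no":
        return False
    return True

def listen_port(conf):
    """Port sshd listens on; 22 when the keyword is absent or commented out."""
    return int(conf.get("port", ["22"])[0])

if __name__ == "__main__":
    conf = parse_sshd_config(SAMPLE_SSHD_CONFIG)
    print("port", listen_port(conf))
    for user in ("alice", "bob", "mallory", "root", "mysql"):
        print(user, "allowed" if user_allowed(conf, user) else "denied")
```

With the sample, alice is the only account that can log in: bob is in DenyUsers, mallory sits on the ignored second AllowUsers line, root is blocked by PermitRootLogin, and mysql is not listed. Run the same parser over a fragment without AllowUsers and the system accounts jschiwal mentions come back allowed, which is exactly the exposure the AllowUsers line removes. On a live host, `sshd -T` prints the effective configuration and is the authoritative check.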
