LinuxQuestions.org > Linux - Networking > iptables & ssh (https://www.linuxquestions.org/questions/linux-networking-3/iptables-and-ssh-552601/)

Richtown 05-09-2007 09:10 AM

iptables & ssh
 
Hi, I currently have a gateway between the Internet and a private network with the following iptables rules.

iptables -P INPUT DROP
iptables -P OUTPUT DROP

iptables -P FORWARD ACCEPT


There are some problems with this: I cannot connect to the gateway via SSH or HTTP.
I've tried these rules but with no luck.

iptables -A INPUT -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -p udp --sport 22 -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -p udp --sport 80 -j ACCEPT

Does anyone know the correct syntax so I can do this? I have an Apache web server running on port 80 on the gateway. Would be nice to be able to connect to it :-).

If I remove the rules, i.e. iptables -P INPUT/OUTPUT ACCEPT, I can SSH & HTTP into my gateway.

Any ideas?

Thanks, Rich

acid_kewpie 05-09-2007 09:12 AM

22 is the destination port (dport), not the source port (sport).

Richtown 05-09-2007 09:21 AM

Tried that, still not working.

acid_kewpie 05-09-2007 09:22 AM

Tried what... please give actual code etc...

Richtown 05-09-2007 09:33 AM

I've tried iptables -A INPUT -p tcp -i eth1 --dport 22 -j ACCEPT and the same with port 80, but this doesn't seem to work. My setup is shown below:

Internet :eth0 ====GATEWAY==== eth1: Local Area Network

Thanks,

acid_kewpie 05-09-2007 09:49 AM

What does the full iptables list look like? Obviously if you add that rule after a wider reject it'll have no benefit.

Richtown 05-09-2007 09:51 AM

The full iptables commands are:

iptables -F
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT DROP


If I then run the following commands, then I can gain access to the gateway?

Is this the only way to do it...?
iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -o eth0 --sport 22 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --sport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -o eth0 --dport 22 -j ACCEPT


Seems a bit long-winded?

acid_kewpie 05-09-2007 09:54 AM

That's clearly not the whole list, as the commands you're trying aren't listed there...

Well, you'd use connection tracking so you'd only have one entry per service, but that really isn't long-winded at all.

osor 05-09-2007 11:53 AM

To get the full list (as it is actually used), try posting the output of “iptables-save”.
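
The ruleset below is an added example, not code posted in this thread, showing what acid_kewpie's connection-tracking suggestion looks like in practice and how it relates to osor's advice to inspect the live table with iptables-save. It assumes Richtown's layout (eth0 faces the Internet, eth1 the LAN) and that SSH (22) and HTTP (80) are the only services the gateway itself exposes; the IPT variable and the dryrun helper are this example's own conventions, added so the commands can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the thread): a default-deny gateway that uses connection
# tracking so each exposed service needs exactly one INPUT rule.
# Assumptions: eth0 = Internet side, eth1 = LAN side; only SSH and HTTP are exposed.
# IPT defaults to the dryrun helper, which prints each command instead of running it.
# To apply for real, run as root with:  IPT=iptables sh gateway-rules.sh

dryrun() { printf 'iptables %s\n' "$*"; }
IPT="${IPT:-dryrun}"

gateway_rules() {
    # Same baseline as the thread: flush the filter table, default-deny INPUT and OUTPUT.
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD ACCEPT

    # Loopback: local daemons (Apache, resolver, ...) talk to each other over lo.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Connection tracking: packets belonging to a connection that was already allowed
    # are accepted in both directions. This pair replaces the four sport/dport rules
    # from the thread. Rules are evaluated top to bottom and the first match wins, so
    # keep these (and the service rules) ahead of any broad DROP/REJECT rule.
    # On older kernels "-m state --state ESTABLISHED,RELATED" is the equivalent match.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New inbound connections: one rule per service, matching the DESTINATION port.
    # SSH is limited to the LAN interface here; drop "-i eth1" if administration from
    # the Internet side is really required (Richtown's own rule used eth0).
    $IPT -A INPUT -i eth1 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

    # Connections the gateway itself opens (DNS lookups, package updates, ...).
    $IPT -A OUTPUT -m conntrack --ctstate NEW -j ACCEPT
}

gateway_rules
```

After applying the rules for real, `iptables-save` (or `iptables -L -n -v --line-numbers`) shows the table as the kernel actually holds it, which is the listing osor asks for and the quickest way to spot a rule that landed below a wider DROP. Rules loaded this way do not survive a reboot; store the `iptables-save` output and reload it with `iptables-restore` at boot.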
