Old 03-06-2009, 03:43 AM   #1
zodehala
Member
 
Registered: Nov 2008
Posts: 53

Rep: Reputation: 15
remote ssh access from port 2222


I cannot access CentOS remotely.

Our network is as follows:
http://img24.imageshack.us/img24/2954/gif1u.gif


I forward 2222 to the CentOS IP (192.168.1.250) from the modem

and

I accept all TCP requests from port 2222
Code:
iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
What should I do for the firewall or anything else?

Last edited by zodehala; 03-09-2009 at 09:06 AM.
 
Old 03-06-2009, 04:32 PM   #2
saavik
Member
 
Registered: Nov 2001
Location: NRW, Germany
Distribution: SLES / FC/ OES / CentOS
Posts: 614

Rep: Reputation: 32
More Info

Unfortunately I cannot access your network picture.

But... I'll give it a shot.

I think your server is behind an access point and you access port 2222 at the access point, which is forwarded to the other machine.

As you use iptables you have a stateful-inspection firewall, which will be able to notice what connections are already running and whether an IP packet that leaves the PC through the OUTPUT chain belongs to an allowed connection.

If you are sure that the packet reaches the second machine, you maybe did not allow the second machine to answer.

To prove this we will need the
a) iptables -nvL FORWARD of the first
b) iptables -nvL OUTPUT of the second machine

If you would not like to post those things here, maybe just try the following.

On the second machine add the following rule:
Quote:
iptables -I OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
This will allow all packets related to a granted connection to leave the second PC.

If this does not help, we will need more info. Maybe the first PC does not let some packets through.
 
Old 03-09-2009, 09:13 AM   #3
zodehala
Member
 
Registered: Nov 2008
Posts: 53

Original Poster
Rep: Reputation: 15
For CentOS 5.2 (the first machine, namely the machine which I want to connect to remotely):
Code:
[root@localhost ~]# iptables -nvL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
    0     0 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
[root@localhost ~]#
I am trying to connect through an SSH client in Windows XP (second machine).
 
Old 05-26-2009, 03:46 PM   #4
saavik
Member
 
Registered: Nov 2001
Location: NRW, Germany
Distribution: SLES / FC/ OES / CentOS
Posts: 614

Rep: Reputation: 32
I am pretty sure that this can't work, as you just appended ( -A ) a rule to the iptables.

If this is still a current problem, I am sure we can solve it with two rules.

a) iptables -I INPUT -p tcp --dport 2222 -j ACCEPT
b) iptables -I OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Just give us the

iptables -nvL

output and we'll get it working.
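
The `-A` versus `-I` distinction from post #4, as an added example that is not part of the original thread: a small first-match evaluator run over two orderings of the same rules. The ruleset is constructed and assumes the stock CentOS 5 layout, where INPUT jumps to RH-Firewall-1-INPUT and that chain ends in a catch-all REJECT (the thread never shows the INPUT chain); the function names and the eth0 interface are hypothetical.

```shell
#!/bin/sh
# first_verdict PORT: read iptables-save style "-A" lines on stdin and print the
# first terminating target hit by a NEW inbound TCP packet to PORT on eth0 (assumed).
first_verdict() {
    awk -v port="$1" '
    function opt(r, name,   f, k, c) {   # value following option "name", or ""
        c = split(r, f, " ")
        for (k = 1; k < c; k++) if (f[k] == name) return f[k + 1]
        return ""
    }
    function matches(r,   v) {           # does the rule match the test packet?
        v = opt(r, "-i");      if (v != "" && v != "eth0") return 0
        v = opt(r, "-p");      if (v != "" && v != "tcp") return 0
        v = opt(r, "--dport"); if (v != "" && v != port) return 0
        v = opt(r, "--state"); if (v != "" && v !~ /(^|,)NEW(,|$)/) return 0
        return 1
    }
    function walk(c,   i, t, r) {        # first match wins; jumps are followed
        for (i = 1; i <= n; i++) {
            if (chain[i] != c || !matches(rule[i])) continue
            t = opt(rule[i], "-j")
            if (t == "ACCEPT" || t == "DROP" || t == "REJECT") return t
            r = walk(t)
            if (r != "") return r
        }
        return ""
    }
    $1 == "-A" { n++; chain[n] = $2; rule[n] = $0 }
    END { v = walk("INPUT"); print (v == "" ? "POLICY" : v) }'
}

# Constructed sample: stock-style user chain that ends in a catch-all REJECT.
rh_chain() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}
jump='-A INPUT -j RH-Firewall-1-INPUT'
rule='-A INPUT -p tcp --dport 2222 -j ACCEPT'
appended() { printf '%s\n' "$jump"; rh_chain; printf '%s\n' "$rule"; }  # after iptables -A
inserted() { printf '%s\n' "$rule"; printf '%s\n' "$jump"; rh_chain; }  # after iptables -I

echo "appended (-A): $(appended | first_verdict 2222)"
echo "inserted (-I): $(inserted | first_verdict 2222)"
```

The matcher only understands the options used in the sample (`-i`, `-p`, `--dport`, `--state`, `-j`), so treat its verdict on a real `iptables-save` dump as a hint about rule order, not a full simulation.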
 
  

