In my case I need to open ports 30000:60000
for SSH to work. After searching the net for a
while I could not find any explanation. Everywhere
it is stated that for SSH to work one should open
TCP port 22 and that's all, which in my case is
not enough.
I also tried to log the network requests by adding
-A INPUT -p tcp -j LOG --log-prefix Firewall:
to the iptables rules.
After this, when I try to SSH to the 192.168.13.254
machine (or any other) I get the following logs:
Code:
Firewall:IN=eth0 OUT= MAC=00:19:...
SRC=192.168.13.10 DST=192.168.13.254 LEN=60
TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROT=TCP SPT=22
DPT=46993 WINDOW=5792 RES=0x00 ACK SYN URGP=0
As one can see the SPT (source port) is correctly
set to 22 but the DPT is set to 46993, and this
number varies over a wide range. Also the WINDOW can
vary up to 32768. I think this is why opening only
port 22 does not allow SSH to function.
Does anybody know if this is the cause of the problem,
and how it can be fixed? I do not want to open
a wide range of TCP ports just for SSH to work.
Thanks for any help.
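Added example, not part of the original post: the packets logged above are replies to a connection this host initiated, so their destination port is the client's ephemeral port, not 22. A stateless "accept dport 22" INPUT rule drops them; the usual fix is to accept established traffic with the conntrack match instead of opening an ephemeral range. The script below replays a constructed SSH handshake (the log lines are made up, in the kernel LOG format; the post's own line is parsed too) through both policies using a deliberately minimal model of nf_conntrack. It assumes the host running the firewall is the SSH client 192.168.13.10, that the OUTPUT chain policy is ACCEPT, and that 192.168.13.77 is an unrelated peer; the iptables commands in the docstring are standard ones, the Python model is mine.

```python
"""Why 'open tcp/22' alone breaks SSH, and why a stateful rule fixes it.

Two INPUT policies are compared on the same packets:
  stateless: accept only packets whose destination port is 22 (the post's setup)
  stateful:  accept ESTABLISHED/RELATED first, then NEW connections to port 22,
             which is what these iptables rules express:
               iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
               iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
               iptables -P INPUT DROP
The Conntrack class is a toy model (no timeouts, no TCP window tracking).
"""
from dataclasses import dataclass

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH"}


@dataclass(frozen=True)
class Packet:
    direction: str   # "IN": would hit the INPUT chain, "OUT": the OUTPUT chain
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset


def parse_log_line(line: str) -> Packet:
    """Parse one netfilter LOG line, e.g. 'Firewall:IN=eth0 OUT= ... SPT=22 DPT=46993 ... ACK SYN'."""
    tokens = line.split()
    fields = {}
    for tok in tokens:
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key.rsplit(":", 1)[-1]] = value   # strip a glued-on log prefix such as 'Firewall:'
    direction = "IN" if fields.get("IN") else "OUT"  # IN=eth0 means the packet arrived on eth0
    flags = frozenset(t for t in tokens if t in TCP_FLAGS)
    return Packet(direction, fields["SRC"], int(fields["SPT"]),
                  fields["DST"], int(fields["DPT"]), flags)


class Conntrack:
    """Minimal connection table keyed on the original-direction 4-tuple."""

    def __init__(self):
        self.table = set()

    def state(self, pkt: Packet) -> str:
        orig = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ESTABLISHED" if orig in self.table or reply in self.table else "NEW"

    def confirm(self, pkt: Packet) -> None:
        """Create the entry once a NEW packet has been accepted (dropped packets leave no state)."""
        self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))


def stateless_input(pkt: Packet) -> str:
    """The post's ruleset: INPUT accepts tcp dport 22, everything else is dropped."""
    return "ACCEPT" if pkt.dport == 22 else "DROP"


def stateful_filter(ct: Conntrack, pkt: Packet) -> str:
    """ESTABLISHED -> ACCEPT; NEW to our sshd -> ACCEPT; OUTPUT policy ACCEPT (assumed)."""
    if ct.state(pkt) == "ESTABLISHED":
        return "ACCEPT"
    if pkt.direction == "OUT" or pkt.dport == 22:
        ct.confirm(pkt)
        return "ACCEPT"
    return "DROP"


def evaluate(lines, stateful: bool):
    """Return (direction, sport, dport, verdict) for every logged packet under one policy."""
    ct = Conntrack()
    verdicts = []
    for line in lines:
        pkt = parse_log_line(line)
        if stateful:
            verdict = stateful_filter(ct, pkt)
        else:
            verdict = "ACCEPT" if pkt.direction == "OUT" else stateless_input(pkt)
        verdicts.append((pkt.direction, pkt.sport, pkt.dport, verdict))
    return verdicts


# Constructed log lines: this host (192.168.13.10) opens an SSH session to 192.168.13.254,
# then an unrelated host 192.168.13.77 connects to our sshd and probes our ephemeral port.
MAC = "MAC=00:19:d1:aa:bb:cc:00:0c:29:11:22:33:08:00"
SESSION = [
    "Firewall:IN= OUT=eth0 SRC=192.168.13.10 DST=192.168.13.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROT=TCP SPT=46993 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    f"Firewall:IN=eth0 OUT= {MAC} SRC=192.168.13.254 DST=192.168.13.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROT=TCP SPT=22 DPT=46993 WINDOW=5792 RES=0x00 ACK SYN URGP=0",
    "Firewall:IN= OUT=eth0 SRC=192.168.13.10 DST=192.168.13.254 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROT=TCP SPT=46993 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0",
    f"Firewall:IN=eth0 OUT= {MAC} SRC=192.168.13.254 DST=192.168.13.10 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROT=TCP SPT=22 DPT=46993 WINDOW=5792 RES=0x00 ACK PSH URGP=0",
    f"Firewall:IN=eth0 OUT= {MAC} SRC=192.168.13.77 DST=192.168.13.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROT=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    f"Firewall:IN=eth0 OUT= {MAC} SRC=192.168.13.77 DST=192.168.13.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROT=TCP SPT=51235 DPT=46993 WINDOW=5840 RES=0x00 SYN URGP=0",
]

if __name__ == "__main__":
    for name, stateful in (("stateless: dport 22 only", False), ("stateful: conntrack", True)):
        print(name)
        for direction, sport, dport, verdict in evaluate(SESSION, stateful):
            print(f"  {direction:3} {sport:5} -> {dport:5}  {verdict}")
```

The stateless policy drops the SYN/ACK and every later server packet (DPT=46993), which is the symptom in the post; the stateful policy accepts them because they are replies to a tracked connection, while the unsolicited SYN to port 46993 from the third host is still dropped, so no ephemeral range has been opened. On a real box the rule order matters: the ESTABLISHED,RELATED rule must come before the LOG/DROP rules, which `iptables -L INPUT -v -n --line-numbers` will show.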