Hello all,
I have the following issue - after i changed my port of ssh to 2222, it stopped accepting connections from the outside world
Before that it was OK on port 22, but i'm recieving a lot of brute force attacks, so i decide to minimize the automatic attacks by changing the port. Now i can ssh only from my internal network. Here is some info:
Server Slackware 13.37
running L.A.M.P.; Nagios, ftp, ssh, simple firewall(currently stopped)
The server is then connected to a router and has a firewall with masquarade
sshd_config:
Code:
Port 2222
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
Protocol 2
netstat:
Code:
netstat -ntlp | grep 2222
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 1592/sshd
tcp 0 0 :::2222 :::* LISTEN 1592/sshd
firewall-stat:
Code:
Chain POSTROUTING (policy ACCEPT 36 packets, 3413 bytes)
num pkts bytes target prot opt in out source destination
1 16358 1200K MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
iptables.filter:
Chain INPUT (policy ACCEPT 20855 packets, 2090K bytes)
num pkts bytes target prot opt in out source destination
1 15 1083 fail2ban-BadBots tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
2 228 16770 fail2ban-SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222
nmap:
Code:
Nmap scan report for MyServer (ip-of-server)
Host is up.
PORT STATE SERVICE
2222/tcp filtered EtherNet/IP-1
I tried banner grabbing with telnet, but i didn't get results (i guess because it's filtered
)
i know i'm missing something, just don't see what is it
Any help is appreciated.
regards