Using SSH through a Linksys router
I recently upgraded from a dialup to DSL and additionally added a Linksys router so that two computers could share the internet. Before this I had a crossover cable connecting the two machines directly and was using SSH to share files, and was also using one computer as a gateway so that I could access the internet on both computers if I needed to. Of course, with the router I can use the internet easily on both computers, but I am wondering how I can share files again via SSH over that same ethernet connection?
I have been running firewalls on the two computers, and they seem to work okay as far as I can tell. I have tested the system with Shield's Up, though it actually reports the same without firewalls. (I was curious as to what the router was doing) BTW, the firewall scripts I am using I obtained with the Easy Firewall Generator online, at http://easyfwgen.morizot.net/gen/, since I am a complete bonehead concerning iptables. I did boot the second machine without the firewall script once as a test and it was available with SSH to my other computer, so I have assumed that my problem will be in the firewall. I had hoped, given my ignorance regarding iptables, that perhaps somebody here could give me some advice as to how to proceed so that I can access files on each computer and also surf the internet safely. Any help or information at all is very much appreciated.
Patrick
Shield's up gives the same result with and without your iptables firewall because the router is acting as a firewall. You can go to http://192.168.1.1/ in a browser to look at the router settings. The router firewall (hardware firewall) is really all that you need to protect you from the outside world, but it doesn't hurt to set up an iptables firewall also. SSH uses port 22, so all you have to do is open that port and you should be able to share files between your pcs. If you want to be able to ssh from outside your network to your pcs, you will need to make a hole in the router firewall. But if you do this make sure you have a good password because some bonehead will try to break in through ssh.
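The LAN-only SSH opening described in the reply above, as an added example that is not part of the thread: a shell function that prints an iptables-restore ruleset with default-deny inbound and SSH accepted only from the LAN. The 192.168.15.0/24 subnet follows the thread's addressing; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): host firewall for a PC behind a NAT router.
# Inbound is dropped by default; SSH and ping are accepted from the LAN only.

# valid_cidr CIDR -> returns 0 for a dotted-quad IPv4 address with a /0-32 prefix
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*.|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# lan_ssh_ruleset [LAN_CIDR] [SSH_PORT] -> prints rules in iptables-restore format
lan_ssh_ruleset() {
    lan=${1:-192.168.15.0/24}   # assumed LAN subnet
    port=${2:-22}               # SSH port named in the thread
    valid_cidr "$lan" || { echo "bad LAN CIDR: $lan" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || {
        echo "bad port: $port" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $lan -p tcp -m tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -s $lan -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}
```

Check the output with `lan_ssh_ruleset | iptables-restore --test` as root before loading it; loading it replaces the existing filter table rules.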
That is what I figured, and why I checked Shield's Up without the firewall. I was curious if it was running one as well. But, I thought that I should run a firewall on my computers also, just to be safe you know.
I guess I could shut off the firewalls altogether, but I suppose it just makes me a little nervous. And port 22 appears to be open on my firewall, and I tried opening up the local network, i.e. 192.168.15.100/24, but that didn't help. Since these services do work without the iptables firewalls up I would assume that there is nothing in the router which is interfering. And I certainly didn't want to allow anything in from outside of my home connections, so it would seem that at first glance nothing in the hardware really needs changing. But, that leaves me with iptables scripts, which just escape me in general. So, if I were interested in keeping an iptables firewall running, could you recommend anyplace to start for setting up something basic and simple that will allow me to use SSH and such? Thanks for the help,
Patrick
I have never messed with iptables directly. I use shorewall which uses config files to set up iptables. I find it a bit easier. If you are using KDE, guarddog is a gui setup for iptables. If you want, I can post my shorewall rules when I get home.
Thanks for that. I would very much like to see how that works, as I have never braved shorewall. I had thought that it was for standalone routers, and I have never used one. If you could make a suggestion about how to set such a thing up and get it running I would love to give it a try.
Unfortunately, I don't run KDE. I am using Ion3 on Slackware 10.2, so I have not had a lot of the tools to make these things simple. In most situations I can work through these things eventually, with a lot of reading and searching, but iptables has been one of my banes. That and ALSA. The mere sight of those four letters sends me running for the hills, and iptables just confuses me to death.
Patrick
Quote:
Do you only want to be able to ssh from and to computers in the LAN (private ips), or do you want to be able to SSH to one (or both) of your LAN computers from outside? Shields Up is only relevant from outside (it knows nothing about your internal LAN). Your DSL router uses NAT for incoming connections (and it by default should allow no or little traffic). Generally, the router does NOT perform filtering on packets inside the network. You have to provide us more information about your computers' netfilter setups. Please post the output of
Code:
$ iptables -nvL
Quote:
What did you change in the firewall scripts when you switched to DSL? Try this:
By taking a quick look at the site, here's what I think you should have done: Check `Allow Inbound Services'. It will then ask you what services. Check ssh.
Here are the files from my shorewall config. You may also want to take a look at shorewall.conf. There is a package for slackware, but the config files might be in a different place than /etc/shorewall.
/etc/shorewall/rules
Code:
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
Code:
#
#ZONE DISPLAY COMMENTS
Code:
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
Code:
#ZONE INTERFACE BROADCAST OPTIONS
Nothing to see here. Move along.
Quote:
As for my output from iptables, let me do a bit more and add a little to my situation and see if you or any others can offer any advice. As I had mentioned I was running a script from Easy Firewall Generator, and this had not changed from before the DSL and after. Since trying to use SSH I had changed several settings though this did not help. I could ping and use SSH if I ran without a firewall at all, but not with it. However, I did some searching around and found this very, very basic firewall and it did seem to work. Being so ignorant I am afraid I am unsure if it really is very secure, but using it I could add a couple of rules for the LAN and could then connect. I added the two lines regarding the LAN and SSH, and it did allow through the SSH connections and so on. I will post it in full, as it is short. Please let me know where I have messed up with this.
Code:
#!/bin/sh
Quote:
Patrick
Quote:
Thanks again for the info and I will certainly be looking into that.
Patrick
Maybe you thought carthrige posted that. I have so many ports open because I have a web server and email server. Of course he wouldn't need to open 80 and 25 for just ssh. I'm not sure about your suggestions, but I do know that the rules I posted work for me. I can ssh between computers on my local network, and if I open the router firewall I can ssh from outside. Notice some of the ports are commented out in the rules file so not open. Also in the policy file, the first rule takes precedence over the second rule and so on, so everything from fw (local pc) to the net is allowed and everything from the net to the fw is dropped (except for exceptions in the rule file).
Quote:
NOTE to cothrige: ignore everything I said about shorewall, as it is most probably wrong.
Quote:
Quote:
And good to know about the second line. I put it in there thinking that my port may not be open to the LAN even after allowing the traffic in with the first line. But, now thinking about it I can see what you mean and I will fix that. No reason to have unnecessary stuff, as there is no way of being sure what it may do. Thanks again for the info and the tips on this firewall. I am just glad to see things running along as they used to with some remaining hope of continued security.
Patrick