However, when the firewall is off, SSH works beautifully. I'm trying to ssh from 10.0.0.2 to 192.168.1.2. My log below shows that the SSH connection is trying to go to eth0 for 192.168.1.2. It should be going to eth1.
Thanks as always
ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:02:B3:28:80:5C
inet addr:192.168.3.2 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:764 errors:0 dropped:0 overruns:0 frame:0
TX packets:648 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:22 Base address:0xec80
eth1 Link encap:Ethernet HWaddr 00:B0
0:B0:22:9B
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:23 errors:0 dropped:0 overruns:22 carrier:0
collisions:0 txqueuelen:100
Interrupt:16 Base address:0xccc0
iptables***************************
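#!/bin/sh
# Firewall rule loader for a two-interface host:
#   eth0 = 192.168.3.2/24, eth1 = 192.168.1.2/24 (see the ifconfig output above).
# Run as root only; the script loads kernel modules and rewrites the
# iptables rule set. You set the permissions as follows:
#   chown root.root scriptname
#   chmod 700 scriptname
#=============== Start
# Load the netfilter modules
/sbin/depmod -a
/sbin/modprobe ip_tables
# Absolute path to the iptables binary, so a manipulated PATH cannot
# substitute another program.
IPT=/sbin/iptables
# printf rather than "echo -n": -n is not portable under #!/bin/sh
# (some sh implementations print the literal "-n").
printf 'Loading Firewall Rules.....'
#Flush all existing rules
"$IPT" -F
"$IPT" -X
"$IPT" -F -t nat
#Set default policies: anything not explicitly accepted below is dropped
"$IPT" -P INPUT DROP
"$IPT" -P FORWARD DROP
"$IPT" -P OUTPUT ACCEPT
#Set-up the "firewall-chain" rules: rate-limited LOG, then DROP.
# NOTE: nothing jumps to this chain while the two "-j firewall" rules near
# the end of the script stay commented out, so it is currently unused.
"$IPT" -N firewall
"$IPT" -A firewall -m limit --limit 20/minute -j LOG --log-level warning --log-prefix "FIREWALL: "
"$IPT" -A firewall -j DROP
#Accept Ourselves
"$IPT" -A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
#Drop any bad flags.
# LOG must come BEFORE DROP: a packet that matches a DROP rule never reaches
# a later rule, so with the original DROP-then-LOG order the "BAD FLAG"
# log lines could never be written.
"$IPT" -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-level info --log-prefix "FIREWALL: BAD FLAG! L1: "
"$IPT" -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
"$IPT" -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-level info --log-prefix "FIREWALL: BAD FLAG! L3: "
"$IPT" -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
#Block ping
"$IPT" -A INPUT -i eth0 -s 0/0 -d 192.168.3.2 -p icmp --icmp-type echo-request -j DROP
#Drop traceroute packets
"$IPT" -A INPUT -i eth0 -s 0/0 -d 192.168.3.2 -p udp --dport 33435:33525 -j DROP
#Stuff to drop syn floods
#$IPT -N syn-flood
#$IPT -A syn-flood -m limit --limit 1/s --limit-burst 10 -j RETURN
#$IPT -A syn-flood -j LOG --log-level warning --log-prefix "FIREWALL: SYN Flood Stopped: "
#$IPT -A syn-flood -j DROP
#$IPT -A INPUT -p tcp --syn -j syn-flood
#State matching stuff - to accept related and established connections
"$IPT" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#Accept SSH
# The kernel log at the bottom of this post shows the SSH SYNs from 10.0.0.2
# arriving with IN=eth0 and DST=192.168.1.2. None of the three rules below
# matches that combination: the first requires -d 192.168.3.2, the other two
# require -i eth1. Which interface a packet enters on is decided by the
# network path to this host, not by these rules; presumably the route from
# 10.0.0.2 needs to be checked, or an eth0 rule for -d 192.168.1.2 added if
# that path is intended — confirm which before changing the rule set.
"$IPT" -A INPUT -i eth0 -s 10.0.0.2 -p tcp -d 192.168.3.2 --dport 22 -j ACCEPT
# The next rule is a strict subset of the 0/0 rule that follows it.
"$IPT" -A INPUT -i eth1 -s 10.0.0.2 -p tcp -d 192.168.1.2 --dport 22 -j ACCEPT
"$IPT" -A INPUT -i eth1 -s 0/0 -p tcp -d 0/0 --dport 22 -j ACCEPT
#Accept incoming SMTP requests
"$IPT" -A INPUT -i eth0 -s 0/0 -p tcp -d 192.168.3.2 --dport 25 -j ACCEPT
#Accept POP3 requests
"$IPT" -A INPUT -i eth0 -s 10.0.0.2 -p tcp -d 192.168.3.2 --dport 110 -j ACCEPT
#Accept Samba
"$IPT" -A INPUT -i eth0 -s 10.0.0.2 -p tcp -d 192.168.3.2 --dport 137:139 -j ACCEPT
"$IPT" -A INPUT -i eth0 -s 10.0.0.2 -p udp -d 192.168.3.2 --dport 137:139 -j ACCEPT
#Accept Domain Name Server stuff..
#$IPT -A INPUT -i eth0 -s 198.6.1.4/24 -p tcp -d 0/0 --dport 53 -j ACCEPT
#$IPT -A INPUT -i eth0 -s 198.6.1.5/24 -p udp -d 0/0 --dport 53 -j ACCEPT
#Send everything else to the firewall chain - DENY it and LOG it.
#$IPT -A INPUT -p tcp --syn -j firewall
#$IPT -A INPUT -p udp -j firewall
# Log everything that falls through; the INPUT DROP policy then discards it.
# Handy while debugging (it produced the log excerpt below), but there is no
# -m limit here, so a burst of rejected traffic fills the kernel log.
"$IPT" -A INPUT -j LOG
echo "DONE"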
LOG*********************
kernel: IN=eth0 OUT= MAC=00:02:b3:28:80:5c:00:02:b3:39:c0:ac:08:00 SRC=10.0.0.2 DST=192.168.1.2 LEN=48
TOS=0x00 PREC=0x00 TTL=128 ID=29663 DF PROTO=TCP SPT=2207 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 13 11:54:45 mail kernel: IN=eth0 OUT= MAC=00:02:b3:28:80:5c:00:02:b3:39:c0:ac:08:00 SRC=10.0.0.2 DST=192.168.1.2 LEN=48
TOS=0x00 PREC=0x00 TTL=128 ID=29664 DF PROTO=TCP SPT=2207 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 13 11:54:51 mail kernel: IN=eth0 OUT= MAC=00:02:b3:28:80:5c:00:02:b3:39:c0:ac:08:00 SRC=10.0.0.2 DST=192.168.1.2 LEN=48
TOS=0x00 PREC=0x00 TTL=128 ID=29685 DF PROTO=TCP SPT=2207 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0