Need Help in SuSEfirewall2/Iptables
Hello Group,
I am new to Suse and new to this group too. My boss just told me I need to build an FTP server with Suse 10.0. I installed Suse 10 on the new box fine. I configured the firewall to allow only SSH, and it is wide open. My question is: I want to allow only these IP ranges to access SSH on this box (192.9.1.0 - 192.9.1.20 and all 187.4.*.*). How do I do that? SuSEfirewall2/iptables is installed. I wasted 3 days googling here and googling there, but could not find anything. Since I am a brand new rookie with Linux/Suse, please take it easy on me, ok!

Here is what I know so far:
Firewall configuration file: /etc/sysconfig/SuSEfirewall2
Start/stop firewall: /sbin/SuSEfirewall2 start/stop
That's it!

Thanks for your help, guys and girls.
Jenifer Chung
ssh has TCP wrapper support. Add SSHD: ALL in /etc/hosts.deny, then add SSHD: $yourip1, $yourip2 in /etc/hosts.allow. In addition to this, add the proper iptables rulesets just to make sure the connections get dropped. This is a quick hack, but the iptables command could look something like this:
Code:
iptables -A INPUT -p tcp -s 192.168.1.100 --dport 22 -m state --state NEW -j ACCEPT
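
The ranges asked about in the question, worked through as an added example that is not part of any post in this thread: it splits 192.9.1.0 - 192.9.1.20 into exact CIDR blocks and emits a hosts.allow entry plus iptables rules shaped like the one above. The lowercase daemon name `sshd`, the net/mask pattern form from hosts_access(5), the closing DROP rule, and an INPUT chain not managed by SuSEfirewall2 are assumptions.

```python
# Added example (not from the thread): derive tcp_wrappers and iptables
# entries for the SSH sources named in the original question.
import ipaddress

RANGE_FIRST = ipaddress.IPv4Address("192.9.1.0")    # from the question
RANGE_LAST = ipaddress.IPv4Address("192.9.1.20")    # from the question
WHOLE_NET = ipaddress.IPv4Network("187.4.0.0/16")   # "all 187.4.*.*"


def allowed_networks():
    """Split the inclusive range into exact CIDR blocks and add the /16."""
    blocks = list(ipaddress.summarize_address_range(RANGE_FIRST, RANGE_LAST))
    return blocks + [WHOLE_NET]


def hosts_allow_line(daemon="sshd"):
    """hosts.allow entry in net/mask form (daemon name is an assumption)."""
    patterns = [f"{n.network_address}/{n.netmask}" for n in allowed_networks()]
    return f"{daemon}: " + ", ".join(patterns)


def iptables_rules(port=22):
    """One ACCEPT per block, then a DROP for every other new connection."""
    match = f"--dport {port} -m state --state NEW"
    rules = [f"iptables -A INPUT -p tcp -s {n} {match} -j ACCEPT"
             for n in allowed_networks()]
    rules.append(f"iptables -A INPUT -p tcp {match} -j DROP")
    return rules


def is_allowed(source):
    """True if the source address falls inside any permitted block."""
    addr = ipaddress.IPv4Address(source)
    return any(addr in n for n in allowed_networks())


if __name__ == "__main__":
    print("# /etc/hosts.deny")
    print("sshd: ALL")
    print("# /etc/hosts.allow")
    print(hosts_allow_line())
    print("# iptables (order matters: ACCEPT rules before the DROP)")
    print("\n".join(iptables_rules()))
    # Constructed sample sources, checked against the generated policy.
    for ip in ("192.9.1.20", "192.9.1.21", "187.4.200.7", "10.0.0.5"):
        print(ip, "allowed" if is_allowed(ip) else "denied")
```

The range 0 to 20 is not a single CIDR block, so it becomes three entries (/28, /30, /32); a wider single mask such as /27 would also admit .21 through .31.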
Thanks for the info. I am familiar with Solaris tcp_wrapper/hosts.allow,deny. Linux Suse is new to me. I read the link you sent, but it does not mention anything about how to run sshd to make it work with hosts.allow/deny. Do I have to set up sshd to run in inetd in order to work with hosts.allow/deny?

In Solaris I add the following line to /etc/inetd.conf:
ssh stream tcp nowait root /usr/sbin/tcpd sshd -i
then add IPs (192.23.,84.12.) in hosts.allow, then stop/start the inetd daemon, and it works fine. In this case, it allows only IPs starting with 192.23 and 84.12. In Suse, I tried to do the same but it does not work for me. I am sorry to bother you. I really need help. What is the IP format to add in hosts.allow on Suse? Do I need to run sshd in /etc/xinetd.conf? I'm totally lost on this. Thanks for your help.
Jenifer
Thank you for the help. SuSEfirewall2/Iptables is very complicated. I found out that Suse already used the tcp_wrapper. So I use hosts.allow/deny to block IPs accessing ssh. Thanks again.