[SOLVED] IPtables, stumped

JamesGT · 09-11-2017, 06:58 AM

I have a server where I run Slackware64 14.1 and last night I seemed to have messed up my iptables setup.

Originally I used these pages to set everything up for protection and for ssh.

https://docs.slackware.com/howtos:security:ssh

http://www.slackware.com/~alien/efg/

I followed everything to the letter, and everything was good for a number of years. I did change the ssh port number as I didn't want to use 22, but it all worked.

Yesterday in an attempt to open up FTP(I never had to use it, I just used SFTP all the time...I was the only one to ever need access), I did something to close off ssh completely.

Port 80, 21, 37 and 113 are the only ports open. I've tried different settings in rc.firewall to make changes, but they don't seem to take effect. I've checked to see if everything is is setup the way it should, but it doesn't seem to make a difference.

I've rolled back all the changes to the site, removing rc.firewall, removing all the rc.hide_ssh items to just use sshd_config and setting it to port 22, but even that doesn't open up the port so I can connect directly.

My only access is rebooting my system into a rescue console where I can mount the drive, then chroot to it to make changes. Once changes are made, I reboot to see if it works, but nothing seems to change to open that specific port for SSH.

Any ideas? Are the iptables rules stored somewhere that need to be flushed? I have tried iptables -F but it seems to flush the rescue console, not the iptables in Slackware.

JamesT

slalik · 09-11-2017, 07:46 AM

Quote:

Originally Posted by JamesGT

My only access is rebooting my system into a rescue console where I can mount the drive, then chroot to it to make changes.

Do you also mount /proc /sys /dev before chroot?

Code:

# mount --bind /proc /mnt/proc
# mount --bind /dev /mnt/dev
# mount --bind /sys /mnt/sys

JamesGT · 09-11-2017, 08:34 AM

Quote:

Originally Posted by slalik

Do you also mount /proc /sys /dev before chroot?

Code:

# mount --bind /proc /mnt/proc
# mount --bind /dev /mnt/dev
# mount --bind /sys /mnt/sys

I did not.

I just did that, made all the same changes, used the following commands

Code:

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X

Rebooted, same result.

JamesGT · 09-11-2017, 09:17 AM

Looking at the last boot messages...sshd isn't even running. :/

JamesGT · 09-11-2017, 09:37 AM

Ok, I got it.

Comparing the last few reboot logs showed that SSHD wasn't even running at all. I tried to run sshd from the rescue console, and it gave me a error in the config at line 60. Line 60 was a colon. Deleted that, rebooted, access granted.

I was in sshd_config because I noticed I could connect via port 22, and that's not supposed to happen. I went to check it in VI and I guess, I was in insert mode and when I went to exit :q, it put the colon in there. When I tried to exit, I wrote the file and exit(habit...even if I don't make any changes, I still write to the file).

Taking out the colon and rebooting I can ssh back in.

James