On Mon, Apr 09, 2007 at 08:56:40PM +0200, Jochen Schulz wrote: > Hm, weird setup. So you get a non-public IP address on eth0 via DHCP and > a "static" public address for ppp0?
Exactly! > > I do: > > $ sudo tcpdump -vv -i ppp0 "port 22" > > tcpdump: listening on ppp0, link-type LINUX_SLL (Linux cooked), capture > > size 96 bytes > > > > so if you could, please try to connect with ssh to my system! > > Done (twice). Got a timeout again. Sorry, I exit from tcpdump but now I'm run it again! > If you can see either both incoming and outgoing packets or no packets > at all, your setup is fine and someone else is dropping them. If you see > only incoming packets, it's your fault. Could you try to login again, please? > In any case, I would now try to let sshd listen on another port that is > probably not filtered (like 443). Done: sshd_config: Port 443 iptables script: -A block -i ppp0 -p tcp --dport 443 -j ACCEPT But, if I run iptables -L then I can't see opened port 443! Why? Chain block (2 references) target prot opt source destination ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:www ACCEPT udp -- anywhere anywhere udp dpt:sip ACCEPT tcp -- anywhere anywhere tcp dpt:sip ACCEPT tcp -- anywhere anywhere tcp dpt:1720 ACCEPT tcp -- anywhere anywhere tcp dpt:rplay ACCEPT tcp -- anywhere anywhere tcp dpts:6680:6699 ACCEPT tcp -- anywhere anywhere tcp dpt:1234 ACCEPT tcp -- anywhere anywhere tcp dpt:9433 ACCEPT 0 -- anywhere anywhere state NEW DROP 0 -- anywhere anywhere > You should definitely remove that test user *now*. To debug connection Done. -- Regards, Paul Csányi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
