Jennifer Tippens wrote:
> I'm using ipchains to filter packets. I have pop open from the outside
> so we can check our mail from home, I do not allow telnet into the box
> or ftp for that matter. How do I open up port 22 for ssh connections?
> I've tried:
> $IPCHAINS -A input -i $E_IF -p tcp -s 0/0 -d 0/0 22 -j ACCEPT
> and this seems not to work. Any suggestions?

Okay, firstly this wouldn't work if there's a DENY or REJECT rule added
earlier which matches the SSH packets. i.e., you can't deny everything
then allow SSH - it needs to be done the other way round.

Secondly I'm not sure if 0/0 is valid - but 0.0.0.0/0 definitely is.
Incidentally in the example you've given the -s for source port is
redundant as if not specified it'll match anything anyway.

Thirdly, do you have any DENY or REJECT rules on your output chain that
would match the outgoing SSH traffic?

Fourthly, try adding a -l to all your DENY or REJECT rules (if you don't
have it already) so ipchains will log to syslog (usually
/var/log/messages) all packets it drops.

Hope one or other of these suggestions helps :-)

--
Email: [EMAIL PROTECTED]
Phone: +64-21-870-425
ICQ: 5632563
or shout loudly
************
[EMAIL PROTECTED] http://www.linuxchix.org
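
The points in the reply above about rule order, the output chain and -l logging, shown as an added example that is not part of the original message: a simplified Python model of first-match chain traversal (a model, not ipchains itself). The Rule and Packet types, the client port 40000 and the chain contents are constructed for illustration.

```python
# Simplified model of ipchains chain traversal (added example, not ipchains itself).
from collections import namedtuple

# port=None matches any port; log mirrors the -l flag on a rule.
Rule = namedtuple("Rule", "target port_field port log")
Packet = namedtuple("Packet", "sport dport")

def traverse(chain, pkt, policy="ACCEPT", log=None):
    """Return the target of the first matching rule, else the chain policy."""
    for idx, rule in enumerate(chain, 1):
        if rule.port is None or getattr(pkt, rule.port_field) == rule.port:
            if rule.log and log is not None:
                log.append(f"rule {idx} {rule.target} "
                           f"sport={pkt.sport} dport={pkt.dport}")
            return rule.target  # first match wins; later rules are never seen
    return policy

def ssh_works(input_chain, output_chain, log=None):
    """SSH needs the client's packet accepted in AND the server's reply out."""
    syn = Packet(sport=40000, dport=22)    # constructed client -> sshd packet
    reply = Packet(sport=22, dport=40000)  # constructed sshd -> client packet
    return (traverse(input_chain, syn, log=log) == "ACCEPT"
            and traverse(output_chain, reply, log=log) == "ACCEPT")

ALLOW_SSH_IN = Rule("ACCEPT", "dport", 22, False)
DENY_ALL = Rule("DENY", "dport", None, True)    # catch-all deny with -l
DENY_SSH_OUT = Rule("DENY", "sport", 22, True)  # output rule hitting replies

def demo():
    """Evaluate three constructed rule sets; return results and the log."""
    log = []
    results = {
        "deny_then_allow": ssh_works([DENY_ALL, ALLOW_SSH_IN], [], log),
        "allow_then_deny": ssh_works([ALLOW_SSH_IN, DENY_ALL], [], log),
        "output_blocks_reply": ssh_works([ALLOW_SSH_IN, DENY_ALL],
                                         [DENY_SSH_OUT], log),
    }
    return results, log

if __name__ == "__main__":
    results, log = demo()
    for name, ok in results.items():
        print(f"{name}: ssh {'works' if ok else 'blocked'}")
    print("\n".join(log))
```

The log lines play the role of the syslog entries that -l produces: each one names the rule that dropped the packet, which is what identifies the offending rule in a real rule set.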