Here are the rules I use for ssh on my box. I'm able to ssh into my
server and ssh out to other servers. The rules under SSH server can
be skipped if you only want to ssh out to another server.
The variables are mostly obviously named with the exception of
$SSH_PORTS. That is defined as 513:1023.
The rules were generated by a script from a website whose URL I've
since lost. If you do a search for 'cablemodem' and 'linux' you
should find the site.
# SSH server (22)
# ---------------
# Incoming connections to the local sshd from a client's unprivileged
# port. The matching output rule carries "! -y", so port 22 may only
# answer an existing connection, never open one to a remote high port.
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
         -s $ANYWHERE $UNPRIVPORTS \
         -d $IPADDR 22 -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
         -s $IPADDR 22 \
         -d $ANYWHERE $UNPRIVPORTS -j ACCEPT
# The same pair for clients that connect from a privileged source port
# ($SSH_PORTS, i.e. 513:1023), which an ssh client installed setuid root
# does for rhosts-style authentication.
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
         -s $ANYWHERE $SSH_PORTS \
         -d $IPADDR 22 -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
         -s $IPADDR 22 \
         -d $ANYWHERE $SSH_PORTS -j ACCEPT
# SSH client (22)
# ---------------
# Outgoing connections from a local unprivileged port to a remote sshd.
# Replies from port 22 are accepted only when they are not a
# connection-opening SYN, so a remote host cannot use source port 22 to
# reach our high ports.
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
         -s $ANYWHERE 22 \
         -d $IPADDR $UNPRIVPORTS -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
         -s $IPADDR $UNPRIVPORTS \
         -d $ANYWHERE 22 -j ACCEPT
At 9:34 PM -0500 11/25/1999, Michael J. McGillick wrote:
>Evening again:
>
>Almost there :)
>
>Anyone know how to set up the rules to allow ssh through my firewall with
>ipchains? I seem to have everything else working, but can't figure out
>what I'm doing wrong with the accept rule for ssh. According to
>/etc/services, ssh is running on 22 for both tcp and udp. So, I added the
>following two statements:
>
> /sbin/ipchains -A input -p tcp -i eth0 -s 0.0.0.0/0 \
> -d 24.218.83.113 22 -j ACCEPT
>
> /sbin/ipchains -A input -p udp -i eth0 -s 0.0.0.0/0 \
> -d 24.218.83.113 22 -j ACCEPT
[snip]
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
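An added example, not part of the original message or either poster's script: a small simulator that runs sample packets through the six ACCEPT rules above to show which traffic they pass and what the "! -y" flag buys. The host address, the unprivileged range 1024:65535 and a default DENY policy are assumptions; $SSH_PORTS is 513:1023 as the message defines it.

```python
from dataclasses import dataclass

# Constructed values for the simulation (not from the message): the host
# address, ipchains' unprivileged range, and $SSH_PORTS as defined above.
IPADDR, ANYWHERE = "192.0.2.10", None
UNPRIVPORTS, SSH_PORTS, PORT_22 = (1024, 65535), (513, 1023), (22, 22)

@dataclass(frozen=True)
class Packet:
    chain: str   # "input" or "output"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool    # SYN set without ACK, which is what ipchains' -y tests

@dataclass(frozen=True)
class Rule:
    chain: str
    src: str       # IPADDR, or ANYWHERE for a wildcard
    sports: tuple  # inclusive (low, high) source-port range
    dst: str
    dports: tuple
    not_syn: bool  # "! -y": never match a connection-opening SYN

    def matches(self, p):
        return (p.chain == self.chain
                and self.src in (ANYWHERE, p.src)
                and self.dst in (ANYWHERE, p.dst)
                and self.sports[0] <= p.sport <= self.sports[1]
                and self.dports[0] <= p.dport <= self.dports[1]
                and not (self.not_syn and p.syn))

# The six ACCEPT rules from the message, in the order they are appended
RULES = [
    Rule("input", ANYWHERE, UNPRIVPORTS, IPADDR, PORT_22, False),   # server in
    Rule("output", IPADDR, PORT_22, ANYWHERE, UNPRIVPORTS, True),   # server out
    Rule("input", ANYWHERE, SSH_PORTS, IPADDR, PORT_22, False),     # server in
    Rule("output", IPADDR, PORT_22, ANYWHERE, SSH_PORTS, True),     # server out
    Rule("input", ANYWHERE, PORT_22, IPADDR, UNPRIVPORTS, True),    # client in
    Rule("output", IPADDR, UNPRIVPORTS, ANYWHERE, PORT_22, False),  # client out
]

def verdict(p, rules=RULES):
    """First matching ACCEPT rule wins; the chain policy is assumed DENY."""
    return "ACCEPT" if any(r.matches(p) for r in rules) else "DENY"
```

A SYN arriving from a remote port 22 to one of our high ports gets DENY, while the non-SYN replies of a session we opened get ACCEPT; that difference is the whole point of "! -y".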