> Anyone know how to set up the rules to allow ssh through my firewall with
> ipchains? I seem to have everything else working, but can't figure out
> what I'm doing wrong with the accept rule for ssh. According to
> /etc/services, ssh is running on 22 for both tcp and udp. So, I added the
> following two statements:
>
> /sbin/ipchains -A input -p tcp -i eth0 -s 0.0.0.0/0 \
> -d 24.218.83.113 22 -j ACCEPT
>
> /sbin/ipchains -A input -p udp -i eth0 -s 0.0.0.0/0 \
> -d 24.218.83.113 22 -j ACCEPT
>
> Am I doing something glaringly wrong?
It's possible that your firewall is letting the connections through (the above looks OK) but that additional access rules in sshd are disallowing the connection. Sshd can be built to use the access routines from tcpd; the versions from ftp.replay.com (now ftp.zedz.com) are built this way. This causes sshd to use /etc/hosts.allow and /etc/hosts.deny to decide if a connection should be allowed (see "man 5 hosts_access" and "man hosts_options" for more details). If there is a message in /var/log/messages that looks something like:

Nov 3 07:30:07 myhost sshd[14604]: refused connect from somehost.somewhere.com

where "somehost.somewhere.com" is the site that you're trying to connect from, then the sshd that you're using uses the tcpd access rules and you need to change /etc/hosts.allow.

Sshd can also deny access based on settings in sshd_config (located in "/etc" if you're using the "replay" rpm). See "man sshd" for more info. This is less likely to be the cause of your problem; the settings in the default version of ssh_config don't restrict access by host address.
--
Wes Chalfant Peabody Systems [EMAIL PROTECTED]
(714) 639-8643 FAX (714) 639-2817
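As an added example, not part of the original thread, here is a small Python model of the hosts_access decision the reply describes, so you can check what a tcpd-linked sshd would do with a given hosts.allow/hosts.deny pair before editing the real files. The sample file contents, hostnames and addresses are constructed.

```python
# Added example, not from the original mail: a minimal model of the tcpd
# access decision a wrapper-aware sshd makes from /etc/hosts.allow and
# /etc/hosts.deny, per hosts_access(5): first match in hosts.allow grants,
# then first match in hosts.deny refuses, and a client matching neither is
# granted. Patterns handled: ALL, exact host/address, ".domain" suffix and
# "1.2.3." prefix. LOCAL, KNOWN, EXCEPT, net/mask and shell commands are out.

def parse_access_file(text):
    # Each rule line is "daemon_list : client_list"; blanks/comments skipped.
    rules = []
    for raw in text.splitlines():
        fields = [f.strip() for f in raw.split("#", 1)[0].split(":")]
        if len(fields) < 2:
            continue
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, hostname, address):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix, e.g. ".somewhere.com"
        return hostname.endswith(pattern)
    if pattern.endswith("."):        # address prefix, e.g. "24.218."
        return address.startswith(pattern)
    return pattern in (hostname, address)

def rule_matches(rule, daemon, hostname, address):
    daemons, clients = rule
    if not any(d in ("ALL", daemon) for d in daemons):
        return False
    return any(client_matches(c, hostname, address) for c in clients)

def hosts_access(allow_text, deny_text, daemon, hostname, address):
    """True if tcpd would grant the connection, False if it would refuse."""
    for rule in parse_access_file(allow_text):
        if rule_matches(rule, daemon, hostname, address):
            return True
    for rule in parse_access_file(deny_text):
        if rule_matches(rule, daemon, hostname, address):
            return False
    return True

# Constructed sample files: refuse everything, then open sshd to one domain
# and one address block; any other client gets "refused connect".
HOSTS_ALLOW = "# constructed /etc/hosts.allow\nsshd: .trusted.example, 24.218.83.\n"
HOSTS_DENY = "# constructed /etc/hosts.deny\nALL: ALL\n"

if __name__ == "__main__":
    for host, addr in [("box.trusted.example", "10.0.0.5"),
                       ("somehost.somewhere.com", "192.0.2.10")]:
        ok = hosts_access(HOSTS_ALLOW, HOSTS_DENY, "sshd", host, addr)
        print(host, "granted" if ok else "refused connect")
```

With an empty hosts.allow and "ALL: ALL" in hosts.deny, every sshd client is refused, which is exactly the symptom the reply says to look for in /var/log/messages.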