[Solved] Did the iptables tutorial - SSH doesn't work

Hi
I followed the https://wiki.archlinux.org/index.php/Si … l_Firewall tutorial and added
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
(like cactus suggested in https://bbs.archlinux.org/viewtopic.php?pid=69595).
Sadly, I still can't connect to the SSH server on my Linux box; I immediately get a "connection refused".
This is my iptables.rules:
]$ cat vim /etc/iptables/iptables.rules
cat: vim: No such file or directory
# Generated by iptables-save v1.4.10 on Mon Apr 11 21:20:30 2011
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4:304]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p ipv6 -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A TCP -p tcp -m tcp --dport 80 -j ACCEPT
-A UDP -p udp -m udp --dport 53 -j ACCEPT
COMMIT
# Completed on Mon Apr 11 21:20:30 2011
By turning OFF iptables, SSH works again. So something must be wrong?
Thanks!
Last edited by cyberius (2011-04-11 22:06:54)

The guide sets up two chains for opening TCP and UDP ports; you've currently opened port 80 TCP and port 53 UDP:
-A TCP -p tcp -m tcp --dport 80 -j ACCEPT
-A UDP -p udp -m udp --dport 53 -j ACCEPT
You should remove those if you're not running a web server/DNS server. In fact, just change --dport 80 to --dport 22 for SSH and then get rid of the line opening port 53 UDP.
https://wiki.archlinux.org/index.php/Si … PEN_chains
You can use this to open a TCP port at any time:
iptables -A TCP -p tcp --dport ### -j ACCEPT
Or to open a range of ports:
iptables -A UDP -p udp --dport 1630:1638 -j ACCEPT
Or just several ports:
iptables -A TCP -p tcp -m multiport --dports 80,1720,7777 -j ACCEPT
Last edited by thestinger (2011-04-11 21:12:27)
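
Why the appended port 22 rule never took effect, as an added example (not code from the thread or the Arch wiki): iptables walks a chain top-down and stops at the first terminating rule, so the `-p tcp -j REJECT --reject-with tcp-reset` line answers the SSH SYN with a reset (the "connection refused") before the rule appended after it is consulted. The checker below flags such unreachable rules in iptables-save output. The function names `parse_rule` and `shadowed_rules` are hypothetical, the sample is the first post's rule set trimmed down, and the parser assumes iptables-save ordering, where `-j` follows all matches.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample: the rule set from the first post, trimmed to the relevant lines.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:TCP - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A TCP -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def parse_rule(line):
    """Split an '-A' line into (chain, proto, target, has_other_matches)."""
    tok = shlex.split(line)
    proto, target, other, i = None, None, False, 2
    while i < len(tok):
        if tok[i] == "-p":     # keep a negated protocol distinct, e.g. "!tcp"
            proto, i = ("!" if tok[i - 1] == "!" else "") + tok[i + 1], i + 2
        elif tok[i] == "-j":   # iptables-save puts -j last; the rest are target options
            target = tok[i + 1]
            break
        else:
            other, i = True, i + 1
    return tok[1], proto, target, other

def shadowed_rules(ruleset):
    """Return (line_no, rule, blocker) for rules sitting behind a catch-all verdict."""
    catch_all, findings = {}, []   # chain -> [(proto, rule)] of match-free terminal rules
    for n, line in enumerate(ruleset.splitlines(), 1):
        if not line.startswith("-A "):
            continue
        chain, proto, target, other = parse_rule(line)
        for c_proto, c_line in catch_all.get(chain, []):
            if c_proto in (None, proto):   # an earlier rule already decides this traffic
                findings.append((n, line, c_line))
                break
        if target in TERMINAL and not other:
            catch_all.setdefault(chain, []).append((proto, line))
    return findings

if __name__ == "__main__":
    for n, rule, blocker in shadowed_rules(SAMPLE):
        print(f"line {n}: {rule!r} is never reached; stopped by {blocker!r}")
```

Opening port 22 in the TCP chain instead, as the reply suggests, leaves nothing for the checker to report, because the jump to TCP comes before the REJECT rules.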
