Linux.com

SSH Login Problem

Link to this post 03 Dec 09

hi this is dinesh,

Am having a strange problem. Am using this firewall to my ISP server, I cant access my Global IP in other network. Am using 1 block of Global IP to incoming, and another block of Global IP for customers and other server. What is the problem while i trying customers and other servers global IP in other network cant ssh login and pinging (it displays TTL time expired). Please give me an alternate firewall scripts.
dp
filter
# Firewall configuration

/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ipt_owner
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe ip_nat_irc
echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -P FORWARD DROP
iptables -A FORWARD -s 0/0 -p icmp -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
###############################################################################
# USER LIST
################################################################################

###############################################################################
iptables -A FORWARD -p udp -s 0/0 -m multiport --dports 500,4005,8000,543,50,51,1723,6565,1733,8181,5900,587,2525,80 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -m multiport --dports 500,4005,8000,543,50,51,1723,6565,8181,5900,587,2525,80 -j ACCEPT
###############################################################################

###############################################################################
##squid
#iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT --to-ports 3128
#iptables -t nat -A PREROUTING -p TCP --dport 8080 -j REDIRECT --to-ports 3128
#iptables -t nat -A PREROUTING -p TCP --dport 80 -s 192.168.0.0/24 -j REDIRECT --to-ports 3128
###############################################################################
####################### DON'T DELETE ME #######################################
iptables -A FORWARD -p icmp -i eth1 -s 0/0 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -s 0/0 --dport 80 -j TOS --set-tos Maximize-Throughput
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
################################################################################
################################################################################
iptables -t nat -A POSTROUTING -p all -j SNAT --to-source *.*.*.*
###############################################################################
pls convey my problem.
Thanking You,
With regards,
Dine...

Link to this post 04 Dec 09

I beleive that I have found the problem, but I would like you to paste the output of "iptables -L -v -n --line-numbers" before I state my assumption.

Link to this post 02 Feb 10

By what I am seeing the order of the following lines is incorrect:

iptables -P FORWARD DROP
iptables -A FORWARD -s 0/0 -p icmp -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT

You are starting out your forwarding by telling it to drop all forwarding traffic, that line should be after the accept list(s), but as stated before the output of the previously listed command will confirm the true processing order of your firewall since I doubt those are all of your rules.

Link to this post 12 Jun 10

thank u....sir,
i got correct rules.

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board