On Wednesday 01 December 2004 10:58 pm, Alex White wrote:
Have you checked your firewall settings? It really does sound like a firewalling problem. Although you may have tried that already, I don't see it mentioned anywhere. Usually if it's a firewall problem, you'll get a connection refused error though. Depends on the client you are using for sshing into the box. What client -are- you using anyhow?
Yeah... that's it all right. The guy who runs the local LUG here told me how to disable iptables to test and once I did that, I was able to get right in. Now, all I need to know is how to enable SSH and still have the rest of the iptables running! I'm afraid I never learned how to write iptables (or ipchains for that matter) rules.
Thanks
John
If you emacs /etc/sysconfig/iptables, you will see some various input. From here you can add the following:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
There is going to be some line wrapping issues with that, just type it all on one line, (Don't hit return). The line will wrap automatically depending on how big the window is for emacs. Of course use the editor of your choice. As a sample of what my /etc/sysconfig/iptables lookes like, here is a section:
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
Note that the ssh and ftp port in my iptables setup comes -after- the rule which allows already established connections out from my machine back in. (Alexander can expound upon this if you don't know what the duece I'm talking about, or I will depending on which one of us gets the question first hehe).
HTH
Alex White
