
can't ssh outside with OUTPUT (policy ACCEPT)

To: netfilter@lists.netfilter.org
Subject: can't ssh outside with OUTPUT (policy ACCEPT)
From: "Maxim Veksler" <hq4ever@gmail.com>
Date: Wed, 8 Aug 2007 19:42:09 +0300
Hello,

Following a recent thread on this list, I've configured my firewall to
allow incoming traffic from specific IPs only. Now I can't ssh
outside; could someone please explain why this is happening?

The system is Red Hat 4.

[root@prd-001 ~]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  xxx.114.183.1        anywhere
ACCEPT     all  --  yyy.8.145.182        anywhere
ACCEPT     all  --  zzz.68.137.158       anywhere
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[root@prd-001 ~]# iptables-save
# Generated by iptables-save v1.2.11 on Wed Aug  8 19:26:51 2007
*filter
:INPUT DROP [110564:24802104]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [637061:352312072]
-A INPUT -s xxx.114.183.1 -j ACCEPT
-A INPUT -s yyy.8.145.182 -j ACCEPT
-A INPUT -s zzz.68.137.158 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
# Completed on Wed Aug  8 19:26:51 2007


Trying to ssh to "aaa.bbb.216.35" fails with a timeout; looking at
tcpdump on the other side shows no TCP handshake is made.

Thank you for your help,
Maxim.

-- 
Cheers,
Maxim Veksler

"Free as in Freedom" - Do u GNU ?
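
The ruleset above accepts INPUT only from three source addresses and lo, so the SYN/ACK a remote ssh server sends back to a connection this host opened falls through to the DROP policy, which is exactly the timeout and missing handshake described. As an added example that is not part of the original post, the shell snippet below checks an iptables-save dump for that gap and emits the ruleset with the stateful accept rule a default-DROP INPUT chain needs; it assumes the posted ruleset, reproduced as a constructed string, and only reads and prints text, never calling iptables.

```shell
#!/bin/sh
# Added example, not from the original post. Inspects an iptables-save
# dump for an INPUT chain that drops reply traffic and prints a corrected
# ruleset. Nothing here runs iptables.

# The posted ruleset, reproduced as a constructed string (counters zeroed).
POSTED_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s xxx.114.183.1 -j ACCEPT
-A INPUT -s yyy.8.145.182 -j ACCEPT
-A INPUT -s zzz.68.137.158 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT'

# Returns 0 when INPUT has policy DROP but no rule accepting ESTABLISHED
# traffic. In that state the SYN/ACK for a connection this host opened
# matches none of the source-address rules and hits the DROP policy: the
# client times out and the server never sees a completed handshake.
missing_return_rule() {
    rules="$1"
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    if printf '%s\n' "$rules" |
        grep -Eq '^-A INPUT .*-m (state --state|conntrack --ctstate) [A-Z,]*ESTABLISHED'
    then
        return 1
    fi
    return 0
}

# Emits the ruleset with a stateful accept inserted before the first INPUT
# rule, so replies to the host's own connections are accepted before the
# per-source rules are consulted. "-m state" matches the iptables 1.2.11
# shown in the post; on current kernels "-m conntrack --ctstate" is the
# equivalent match.
fixed_rules() {
    printf '%s\n' "$1" | awk '
        !done && /^-A INPUT/ {
            print "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
            done = 1
        }
        { print }'
}

if missing_return_rule "$POSTED_RULES"; then
    echo "INPUT drops reply traffic; corrected ruleset for iptables-restore:"
    fixed_rules "$POSTED_RULES"
fi
```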

