IPTABLES - No SSH....

[BIS]

Hallo,

Has anybody got any idea why the below iptables stuff does not allow me to ssh to the server?


iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp --source-port $SSH_REMOTE_PORTS -d $IPADDR --destination-port 22 -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp ! --syn -s $IPADDR --source-port 22 --destination-port $SSH_REMOTE_PORTS -j ACCEPT

where SSH_REMOTE_PORTS="513:65535"

?

 

[whmicro]

I really don't see anything wrong with it but, I would write it like this:

iptables -A INPUT -i $EXT_NIC -p tcp --dport 22
-m state --state NEW -j ACCEPT

iptables -A INPUT -o $EXT_NIC -p tcp --sport 22
-m state --state ESTABLISHED,RELATED -j ACCEPT

Let me know if this helped, hope it does.

 

[BIS]

Many thanks for your input.

Unfortunately I can still not connect via ssh with IPTABLES running. Probably some other part of my script is blocking it...

By the way , I assume that the second line, INPUT, you mean OUTPUT?

Would somebody mind looking at my iptables script to see if they can spot it?