[PLUG] Linux firewall, ssh, and NAT question

Terry Griffin griffint at pobox.com
Fri Jul 11 14:33:02 UTC 2003


On Fri, Jul 11, 2003 at 01:33:37PM -0700, Matt Alexander wrote:
> >>If I have a Linux firewall (iptables) doing NAT, does that mean I can't
> >>ssh directly to it from the outside?  Do I have to port-forward ssh to
> >>another machine and then ssh into the firewall using the internal
> >>interface?
> >>
> >
> > You may need rules to allow ssh to your external interface, and it's
> > important to realize that ssh itself does its own blocking apart
> > from what iptables does at the packet level.  Ssh needs to be
> > configured to allow connections from the outside.
> 
> Hmm...  Well, I'm using Arno's IPTables Firewall Script:
> http://freshmeat.net/projects/iptables-firewall/?topic_id=151
> 
> I modified the config file to allow connections to port 22/tcp|udp, but I
> still can't SSH in.  So I thought that maybe having NAT enabled would make
> connections directly to the box impossible from the outside...  any NAT
> experts out there?
> 

No, NAT shouldn't interfere with SSHing to the box that's doing the 
NATing, but there could be some other iptables settings that are 
interfering with SSH. You should be able to track this down by adding 
some iptables logging rules just prior to the equivalent deny rules.

Terry
-- 
Terry Griffin <griffint at pobox.com>
http://www.blindchicken.com/~terryg/
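The logging approach Terry describes, as an added example that is not part of the original thread and not taken from Arno's script: a helper that prints the iptables commands to accept new SSH connections on the external interface and to put a rate-limited LOG rule directly in front of an existing DROP rule, plus a small awk filter that pulls the source addresses of logged SSH packets out of kernel log lines. The chain name INPUT, the interface eth0, the DROP rule position 7 and the log lines are all assumptions made for the example; the log lines are constructed in the format the netfilter LOG target writes.

```shell
#!/bin/sh
# Added example, not code from the original thread or from Arno's script.
# Print (do not run) the iptables commands that (1) accept new SSH on the
# external interface and (2) log whatever is about to hit the DROP rule at
# position $3 in chain $1.  Find that position first with:
#     iptables -L INPUT -n --line-numbers
ssh_debug_rules() {
    chain=$1; wan_if=$2; drop_pos=$3
    # 1. Accept new SSH connections arriving on the external interface.
    #    Inserted at position 1 so no earlier rule can shadow it.
    printf "iptables -I %s 1 -i %s -p tcp --dport 22 -m state --state NEW -j ACCEPT\n" \
        "$chain" "$wan_if"
    # 2. Log what still reaches the DROP rule, rate-limited so a scan cannot
    #    flood the log.  Step 1 pushed every existing rule down by one, so the
    #    old DROP position is now drop_pos + 1; inserting there puts the LOG
    #    rule immediately before the DROP rule.
    printf "iptables -I %s %d -m limit --limit 5/min -j LOG --log-prefix \"%s-DROP: \" --log-level 4\n" \
        "$chain" $((drop_pos + 1)) "$chain"
}

# Read netfilter LOG lines on stdin and print the SRC address of every TCP
# packet aimed at port 22.  A line here means the packet reached the DROP
# rule, i.e. the ACCEPT rule is missing or sits after the DROP; no line
# while the connection still fails means iptables is not the problem.
dropped_ssh_sources() {
    awk '/PROTO=TCP/ {
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (dpt == "22") print src
    }'
}

# Constructed sample of what the LOG target writes to the kernel log
# (addresses from the documentation ranges; the MAC fields are made up).
SAMPLE_LOG='Jul 11 14:31:02 fw kernel: INPUT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4242 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 11 14:31:05 fw kernel: INPUT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=198.51.100.2 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=1 DF PROTO=TCP SPT=1025 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Jul 11 14:31:07 fw kernel: INPUT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4243 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 11 14:31:09 fw kernel: INPUT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1234 DPT=22 LEN=58'

# Stand-alone usage: show the commands for chain INPUT, interface eth0,
# DROP rule at position 7, then filter the sample log.
ssh_debug_rules INPUT eth0 7
printf '%s\n' "$SAMPLE_LOG" | dropped_ssh_sources
```

On a live box the logged lines end up wherever klogd sends kernel messages (dmesg, or /var/log/messages on most distributions of the time); pipe that into dropped_ssh_sources instead of the sample. If nothing is logged and ssh still refuses the connection, the packet got past iptables and the next place to look is sshd's own configuration (ListenAddress, AllowUsers) and tcp_wrappers, which is the point the earlier reply in the thread makes.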
