Basically i've got a log rule before the drop in my script , but i didn't want to create a large post.
Very good poing though to check the logs . I should have done it before posting
here. That's why are log target is for. Regards
On Sun, November 13, 2005 23:44, P theodorou wrote: > Hello > > i'm testing my SSH server from an external IP (my mate's pc) > and i've noticed than whenever i allow connections on eth0 with dport > 22 i can see the username login page BUT, if apply the following > rules the usual user name cannot be displayed > > $IPTABLES -A TCPbad -p tcp --tcp-flags SYN,ACK SYN,ACK -m state > --state NEW -j REJECT --reject-with tcp-reset > $IPTABLES -A TCPbad -p tcp ! --syn -m state --state NEW -j DROP > $IPTABLES -A TCPbad -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP > $IPTABLES -A TCPbad -p tcp --tcp-flags SYN,RST SYN,RST -j DROP > $IPTABLES -A TCPbad -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP > $IPTABLES -A TCPbad -p tcp --tcp-flags ALL FIN -j DROP > $IPTABLES -A TCPbad -p tcp --tcp-flags ALL NONE -j DROP > $IPTABLES -A TCPbad -p tcp --tcp-flags ALL ALL -j DROP > > any help very appreciated I don't know what rule would cause that, but you could of course add a logging rule before each DROP so you know which rule is the problem. Or, start without these rules, and add them each at a time so you can test when ssh doesn't work anymore. Gr, Rob
