ssh configuration issue / doubt

Hi there.
I've got a simple question regarding ssh configuration.
Reading the documentation and googling, it seems that enabling ssh is
the simplest thing in the world. I've got this:

 $IPTABLES -A INPUT -i $ETH_PRIMARY -p tcp -s $ANY_MACHINE\
        --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

With this rule I can connect to the machine, so far so good. Now if I
want to do scp or to scp to another machine I get blocked;
I permit ALL the output chain.

The only way I'm able to do ssh to another host or do scp is by adding this

 $IPTABLES -A INPUT -i $ETH_PRIMARY -p tcp -s $ANY_MACHINE\
        --sport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

So I've got this:

    8   560 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:22 state NEW,ESTABLISHED

With these two rules I can ssh to another host and do scp. I'm confused
cuz all the examples I've been reading do not
talk about enabling both, only the destination port.

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


Is this the right way or am I missing something?

Thanks in advance
Best Regards
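
Added example, not part of the original post: the `--sport 22` rule above carries no `--dport` and allows state NEW, so it accepts new inbound TCP connections to any local port when the sender uses source port 22. The sketch below prints a stateful alternative (replies to outbound ssh/scp are accepted as ESTABLISHED, NEW is limited to `--dport 22`) and audits rules in `iptables -S` form for the sport-plus-NEW pattern. The function names, the default variable values and the sample rule lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Dry run by default: rules are printed, not applied.
# Set IPTABLES=/sbin/iptables (as root) to apply them for real.
IPTABLES="${IPTABLES:-echo iptables}"
ETH_PRIMARY="${ETH_PRIMARY:-eth0}"        # assumed value
ANY_MACHINE="${ANY_MACHINE:-0.0.0.0/0}"   # assumed value

# Stateful SSH rules for the INPUT chain (hypothetical helper).
ssh_input_rules() {
    # Replies to connections this host opened (outbound ssh/scp) are
    # ESTABLISHED in conntrack, so no source-port match is needed.
    $IPTABLES -A INPUT -i "$ETH_PRIMARY" -m state \
        --state ESTABLISHED,RELATED -j ACCEPT
    # Only inbound connections to the local sshd may be NEW.
    $IPTABLES -A INPUT -i "$ETH_PRIMARY" -p tcp -s "$ANY_MACHINE" \
        --dport 22 -m state --state NEW -j ACCEPT
}

# Reads rules in `iptables -S` form on stdin and prints every INPUT ACCEPT
# rule that matches a source port while also allowing state NEW.
# Exit status 0 means at least one such rule was found.
audit_sport_new() {
    grep -E -- '^-A INPUT .*--sport [0-9:]+ .*--state [A-Z,]*NEW[A-Z,]* .*-j ACCEPT'
}

# Constructed sample: the two rules from the post, written the way
# `iptables -S` would list them.
sample_rules() {
    cat <<'EOF'
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
EOF
}

echo "# proposed rules:"
ssh_input_rules
echo "# flagged by audit:"
sample_rules | audit_sport_new || true
```

On a live host the audit can be fed with `iptables -S INPUT | audit_sport_new`.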