
iptables configuration for ssh

3 replies
cortexx
Since I started using iptables as a firewall I can no longer connect over ssh from the Internet (it works locally).
I get the message: ssh_exchange_identification: connection closed by remote host

My iptables configuration:

*nat
:PREROUTING ACCEPT [94092:5318301]
:POSTROUTING ACCEPT [1531:228506]
:OUTPUT ACCEPT [0:0]
# ppp0 is the Internet (PPP) link, eth0 the LAN; LAN traffic leaving via ppp0 is masqueraded
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Oct 11 09:53:08 2004
# Generated by iptables-save v1.2.11 on Mon Oct 11 09:53:08 2004
*filter
:INPUT DROP [89575:5015721]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
# from the LAN: any connection with a valid conntrack state
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# from the Internet: replies to this box's own connections, plus ssh, http and vnc to this box
-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 5900 -j ACCEPT
# routed traffic: DNS both ways, new connections only from LAN to Internet, replies back
-A FORWARD -i ppp0 -o eth0 -p udp -m udp --sport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -p tcp -m tcp --sport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# outgoing: anything with a valid conntrack state, plus the three services' own replies
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 5900 -j ACCEPT
COMMIT

Thanks in advance.


Arnaud
cortexx wrote:

Since I started using iptables as a firewall I can no longer connect over ssh from the Internet (it works locally).
I get the message: ssh_exchange_identification: connection closed by remote host

[...]


-m tcp ?? What's that?

-p tcp -m state --state [STATE1,STATE2,STATE3] -j ACCEPT.

Cheers, Arnaud

no_spam
On Mon, 11 Oct 2004 13:09:50 +0200, Arnaud wrote:

cortexx wrote:

Since I started using iptables as a firewall I can no longer connect over ssh from the Internet (it works locally).
I get the message: ssh_exchange_identification: connection closed by remote host

[...]

Wouldn't a rule like this be missing:
${IPTABLES} -t nat -A PREROUTING -i ppp0 -p tcp \
    -m tcp --destination-port 22 \
    -m state --state NEW,ESTABLISHED,RELATED \
    -j DNAT --to-destination <destination>:22

-m tcp ?? What's that?


man iptables:
tcp extensions:
--source-port [!] port[:port]
--destination-port [!] port[:port]
--tcp-flags [!] mask comp
[!] --syn
--tcp-option [!] number
--mss value[:value]
(I've left out the comments...)
=> matches on the contents of the TCP header.


cortexx
Sorry, I'm hopeless with iptables; which commands should I put in??
What do I put in <destination>?

Thanks in advance.

"no_spam" wrote in the news message:

[...]

Wouldn't a rule like this be missing:
${IPTABLES} -t nat -A PREROUTING -i ppp0 -p tcp \
    -m tcp --destination-port 22 \
    -m state --state NEW,ESTABLISHED,RELATED \
    -j DNAT --to-destination <destination>:22

[...]
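Filling in the rule no_spam sketched as a complete script, as an added example that is not part of the thread. It assumes the layout the posted configuration implies (ppp0 towards the Internet, eth0 towards the LAN) and that sshd runs on a LAN host, taken here to be 192.168.0.10; that LAN address is what goes in <destination>. Two rules are needed, not one: the DNAT in nat/PREROUTING rewrites the destination, and an ACCEPT in filter/FORWARD lets the rewritten packet through, because the posted FORWARD chain has policy DROP and only accepts new connections from eth0 to ppp0. On Arnaud's "-m tcp" question: iptables loads the tcp match implicitly whenever -p tcp is combined with --dport or --sport, and iptables-save writes that back as "-p tcp -m tcp --dport 22", so the listing shows -m tcp even if nobody typed it.

One check before adding NAT rules: the error in the question, "ssh_exchange_identification: connection closed by remote host", means the TCP handshake completed and the server closed the session before sending its banner; a DROP policy would instead leave the client hanging until it times out. If sshd runs on the gateway itself, the INPUT rule for port 22 on ppp0 is already in place and the cause should be looked for on the sshd side (its log, tcp_wrappers) rather than in the firewall. The script prints the commands by default; run it as root with APPLY=1 to install the rules.

```shell
#!/bin/sh
# Added example, not code from the thread: forward ssh arriving on the
# Internet side (ppp0) of the gateway to a host on the LAN (eth0).
# Assumptions (not from the thread): the sshd host is 192.168.0.10, and
# the rules are installed through ${IPTABLES}, as in no_spam's rule.
WAN_IF="${WAN_IF:-ppp0}"
LAN_IF="${LAN_IF:-eth0}"
SSH_HOST="${SSH_HOST:-192.168.0.10}"   # assumed LAN address of the sshd host

# Dry run by default: print each iptables command instead of executing it.
# APPLY=1 (as root) runs the real binary.
print_cmd() { printf '%s\n' "$*"; }
if [ "${APPLY:-0}" = 1 ]; then
    IPTABLES="${IPTABLES:-iptables}"
else
    IPTABLES=print_cmd
fi

# forward_tcp_port PUBLIC_PORT DEST_IP [DEST_PORT]
# nat/PREROUTING sees the first packet of a connection and rewrites its
# destination; conntrack applies the same rewrite to the rest of the flow.
# filter/FORWARD then sees the packet with the LAN address already in
# place, so the ACCEPT must match on that address, not on the public one.
# The reply direction (eth0 -> ppp0, ESTABLISHED) is already accepted by
# the FORWARD rule in the posted configuration.
forward_tcp_port() {
    public_port="$1"
    dest_ip="$2"
    dest_port="${3:-$1}"

    "$IPTABLES" -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$public_port" \
        -j DNAT --to-destination "${dest_ip}:${dest_port}"

    "$IPTABLES" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$dest_ip" \
        --dport "$dest_port" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

# List both chains with packet counters. While an outside client tries to
# connect, a PREROUTING counter that stays at zero means the packet never
# reached this box on ppp0; a counter that moves while the client still
# gets "connection closed" points past the firewall, at sshd on the target.
show_forwarding() {
    "$IPTABLES" -t nat -L PREROUTING -n -v --line-numbers
    "$IPTABLES" -L FORWARD -n -v --line-numbers
}

forward_tcp_port 22 "$SSH_HOST"
show_forwarding
```

Running it without APPLY prints the four commands it would execute, which is a convenient way to check the interface names and the LAN address before touching a remote box over the very port being reconfigured. On current kernels "-m conntrack --ctstate" is the preferred spelling of "-m state --state"; the old form is kept here to match the thread.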