Since I started using iptables as a firewall, I can no longer connect to
ssh from the Internet (it works locally).
I get the message: ssh_exchange_identification : connection closed by remote host
My iptables configuration:
*nat
:PREROUTING ACCEPT [94092:5318301]
:POSTROUTING ACCEPT [1531:228506]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Oct 11 09:53:08 2004
# Generated by iptables-save v1.2.11 on Mon Oct 11 09:53:08 2004
*filter
:INPUT DROP [89575:5015721]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 5900 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -p udp -m udp --sport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -p tcp -m tcp --sport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 5900 -j ACCEPT
COMMIT
Arnaud
cortexx wrote:
Since I started using iptables as a firewall, I can no longer connect to
ssh from the Internet (it works locally).
I get the message: ssh_exchange_identification : connection closed by remote host
My iptables configuration:
*nat
:PREROUTING ACCEPT [94092:5318301]
:POSTROUTING ACCEPT [1531:228506]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Oct 11 09:53:08 2004
# Generated by iptables-save v1.2.11 on Mon Oct 11 09:53:08 2004
*filter
:INPUT DROP [89575:5015721]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 5900 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -p udp -m udp --sport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -p tcp -m tcp --sport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 5900 -j ACCEPT
COMMIT
Thanks in advance
-m tcp ?? What's that?
-p tcp -m state --state [STATE1,STATE2,STATE3] -j ACCEPT.
See you, Arnaud
no_spam
On Mon, 11 Oct 2004 13:09:50 +0200, Arnaud wrote:
cortexx wrote:
Since I started using iptables as a firewall, I can no longer connect to
ssh from the Internet (it works locally).
I get the message: ssh_exchange_identification : connection closed by remote host
My iptables configuration:
*nat
:PREROUTING ACCEPT [94092:5318301]
:POSTROUTING ACCEPT [1531:228506]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Oct 11 09:53:08 2004
# Generated by iptables-save v1.2.11 on Mon Oct 11 09:53:08 2004
*filter
:INPUT DROP [89575:5015721]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 5900 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -p udp -m udp --sport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -p tcp -m tcp --sport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 5900 -j ACCEPT
COMMIT
Thanks in advance
Isn't there a rule missing, something like:
${IPTABLES} -t nat -A PREROUTING -i ppp0 -p tcp
-m tcp --destination-port 22
-m state --state NEW,ESTABLISHED,RELATED
-j DNAT --to-destination <destination>:22 ;
-m tcp ?? What's that?
man iptables:
tcp extensions:
--source-port [!] port[:port]
--destination-port [!] port[:port]
--tcp-flags [!] mask comp
[!] --syn
--tcp-option [!] number
--mss value[:value]
(I filtered out the comments...)
=> filters on the contents of the TCP headers.
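How the match options discussed above (-i/-o, -p, the tcp extension's --sport/--dport, and -m state) select packets, as an added example that is not from any poster in this thread: a minimal first-match evaluator run over the INPUT and OUTPUT chains of the dump posted at the top. The `Packet` model, the function names and the two sample packets are assumptions of this sketch; negation (`!`), the FORWARD chain and the nat table are not modelled.

```python
import shlex
from dataclasses import dataclass

# INPUT and OUTPUT chains copied from the iptables-save dump posted in this thread.
RULESET = """\
:INPUT DROP [89575:5015721]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 5900 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 5900 -j ACCEPT
"""

@dataclass
class Packet:  # hypothetical model of the fields these rules test
    chain: str   # "INPUT" or "OUTPUT"
    iface: str   # input interface on INPUT, output interface on OUTPUT
    proto: str
    sport: int
    dport: int
    state: str   # conntrack state: NEW, ESTABLISHED or RELATED

# Constructed sample packets: an inbound SSH SYN on ppp0 and the server's reply.
SSH_SYN = Packet("INPUT", "ppp0", "tcp", 40000, 22, "NEW")
SSH_REPLY = Packet("OUTPUT", "ppp0", "tcp", 22, 40000, "ESTABLISHED")

def parse(text):
    """Return ({chain: policy}, {chain: [(rule_line, {option: value})]})."""
    policies, rules = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain], rules[chain] = policy, []
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = dict(zip(tok[0::2], tok[1::2]))  # "flag value" pairs
            rules[opts["-A"]].append((line, opts))
    return policies, rules

def matches(opts, p):
    """True when every supported option present in the rule agrees with the packet."""
    wanted = {"-i" if p.chain == "INPUT" else "-o": p.iface, "-p": p.proto,
              "--sport": str(p.sport), "--dport": str(p.dport)}
    for flag, value in wanted.items():
        if flag in opts and opts[flag] != value:
            return False
    # -m state: the packet's conntrack state must be one of the listed states
    return "--state" not in opts or p.state in opts["--state"].split(",")

def verdict(text, p):
    """Walk the chain in order; the first matching rule decides, else the policy."""
    policies, rules = parse(text)
    for line, opts in rules[p.chain]:
        if matches(opts, p):
            return opts["-j"], line
    return policies[p.chain], "policy"
```

On the live host, the per-rule packet counters shown by `iptables -L INPUT -v -n` give the same information from real traffic.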
cortexx
Sorry, I'm really hopeless with iptables; what are the command lines to
enter??
What do I put in <destination>?
Thanks in advance
"no_spam" <l_indien_no_more_spams@magic.fr> wrote in message news:
pan.2004.10.11.21.56.26.897515@magic.fr...
On Mon, 11 Oct 2004 13:09:50 +0200, Arnaud wrote:
cortexx wrote:
Since I started using iptables as a firewall, I can no longer connect to
ssh from the Internet (it works locally).
I get the message: ssh_exchange_identification : connection closed by remote host
My iptables configuration:
*nat
:PREROUTING ACCEPT [94092:5318301]
:POSTROUTING ACCEPT [1531:228506]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Oct 11 09:53:08 2004
# Generated by iptables-save v1.2.11 on Mon Oct 11 09:53:08 2004
*filter
:INPUT DROP [89575:5015721]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 5900 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -p udp -m udp --sport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -p tcp -m tcp --sport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 5900 -j ACCEPT
COMMIT
Thanks in advance
Isn't there a rule missing, something like:
${IPTABLES} -t nat -A PREROUTING -i ppp0 -p tcp
-m tcp --destination-port 22
-m state --state NEW,ESTABLISHED,RELATED
-j DNAT --to-destination <destination>:22 ;
-m tcp ?? What's that?
man iptables:
tcp extensions:
--source-port [!] port[:port]
--destination-port [!] port[:port]
--tcp-flags [!] mask comp
[!] --syn
--tcp-option [!] number
--mss value[:value]
(I filtered out the comments...)
=> filters on the contents of the TCP headers.