Welcome to the Linux Foundation Forum!

SSH Login Problem

hi this is dinesh,

Am having a strange problem. Am using this firewall to my ISP server, I cant access my Global IP in other network. Am using 1 block of Global IP to incoming, and another block of Global IP for customers and other server. What is the problem while i trying customers and other servers global IP in other network cant ssh login and pinging (it displays TTL time expired). Please give me an alternate firewall scripts.

dp

filter

# Firewall configuration

/sbin/depmod -a

/sbin/modprobe ip_tables

/sbin/modprobe ip_conntrack

/sbin/modprobe iptable_filter

/sbin/modprobe iptable_mangle

/sbin/modprobe iptable_nat

/sbin/modprobe ipt_LOG

/sbin/modprobe ipt_limit

/sbin/modprobe ipt_state

/sbin/modprobe ipt_owner

/sbin/modprobe ipt_REJECT

/sbin/modprobe ipt_MASQUERADE

/sbin/modprobe ip_conntrack_ftp

/sbin/modprobe ip_nat_ftp

/sbin/modprobe ip_conntrack_irc

/sbin/modprobe ip_nat_irc

echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -P FORWARD DROP

iptables -A FORWARD -s 0/0 -p icmp -j ACCEPT

iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT

###############################################################################

# USER LIST

################################################################################

###############################################################################

iptables -A FORWARD -p udp -s 0/0 -m multiport --dports 500,4005,8000,543,50,51,1723,6565,1733,8181,5900,587,2525,80 -j ACCEPT

iptables -A FORWARD -p tcp -s 0/0 -m multiport --dports 500,4005,8000,543,50,51,1723,6565,8181,5900,587,2525,80 -j ACCEPT

###############################################################################

###############################################################################

##squid

#iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT --to-ports 3128

#iptables -t nat -A PREROUTING -p TCP --dport 8080 -j REDIRECT --to-ports 3128

#iptables -t nat -A PREROUTING -p TCP --dport 80 -s 192.168.0.0/24 -j REDIRECT --to-ports 3128

###############################################################################

####################### DON'T DELETE ME #######################################

iptables -A FORWARD -p icmp -i eth1 -s 0/0 -j ACCEPT

iptables -t mangle -A PREROUTING -p tcp -s 0/0 --dport 80 -j TOS --set-tos Maximize-Throughput

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

################################################################################

################################################################################

iptables -t nat -A POSTROUTING -p all -j SNAT --to-source *.*.*.*

###############################################################################

pls convey my problem.

Thanking You,

With regards,

Dine...

Comments

  • mfillpot
    mfillpot Posts: 2,177
    I beleive that I have found the problem, but I would like you to paste the output of "iptables -L -v -n --line-numbers" before I state my assumption.
  • mfillpot
    mfillpot Posts: 2,177
    By what I am seeing the order of the following lines is incorrect:

    iptables -P FORWARD DROP
    iptables -A FORWARD -s 0/0 -p icmp -j ACCEPT
    iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT

    You are starting out your forwarding by telling it to drop all forwarding traffic, that line should be after the accept list(s), but as stated before the output of the previously listed command will confirm the true processing order of your firewall since I doubt those are all of your rules.
  • dine
    dine Posts: 3
    thank u....sir,
    i got correct rules.

Categories

Upcoming Training