SSH Login Problem
hi this is dinesh,
Am having a strange problem. Am using this firewall to my ISP server, I cant access my Global IP in other network. Am using 1 block of Global IP to incoming, and another block of Global IP for customers and other server. What is the problem while i trying customers and other servers global IP in other network cant ssh login and pinging (it displays TTL time expired). Please give me an alternate firewall scripts.
dp
filter
# Firewall configuration
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ipt_owner
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe ip_nat_irc
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD DROP
iptables -A FORWARD -s 0/0 -p icmp -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
###############################################################################
# USER LIST
################################################################################
###############################################################################
iptables -A FORWARD -p udp -s 0/0 -m multiport --dports 500,4005,8000,543,50,51,1723,6565,1733,8181,5900,587,2525,80 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -m multiport --dports 500,4005,8000,543,50,51,1723,6565,8181,5900,587,2525,80 -j ACCEPT
###############################################################################
###############################################################################
##squid
#iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT --to-ports 3128
#iptables -t nat -A PREROUTING -p TCP --dport 8080 -j REDIRECT --to-ports 3128
#iptables -t nat -A PREROUTING -p TCP --dport 80 -s 192.168.0.0/24 -j REDIRECT --to-ports 3128
###############################################################################
####################### DON'T DELETE ME #######################################
iptables -A FORWARD -p icmp -i eth1 -s 0/0 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -s 0/0 --dport 80 -j TOS --set-tos Maximize-Throughput
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
################################################################################
################################################################################
iptables -t nat -A POSTROUTING -p all -j SNAT --to-source *.*.*.*
###############################################################################
pls convey my problem.
Thanking You,
With regards,
Dine...
Comments
-
I beleive that I have found the problem, but I would like you to paste the output of "iptables -L -v -n --line-numbers" before I state my assumption.0
-
By what I am seeing the order of the following lines is incorrect:
iptables -P FORWARD DROP
iptables -A FORWARD -s 0/0 -p icmp -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
You are starting out your forwarding by telling it to drop all forwarding traffic, that line should be after the accept list(s), but as stated before the output of the previously listed command will confirm the true processing order of your firewall since I doubt those are all of your rules.0 -
thank u....sir,
i got correct rules.0
Categories
- All Categories
- 175 LFX Mentorship
- 175 LFX Mentorship: Linux Kernel
- 745 Linux Foundation IT Professional Programs
- 372 Cloud Engineer IT Professional Program
- 168 Advanced Cloud Engineer IT Professional Program
- 73 DevOps IT Professional Program - Discontinued
- 3 DevOps & GitOps IT Professional Program
- 98 Cloud Native Developer IT Professional Program
- 7.6K Training Courses & Learning Paths
- AI & ML Training
- Blockchain & Decentralized Identity Training
- Cloud & Containers Training
- Cybersecurity Training
- DevOps & Site-Reliability Training
- Linux Kernel Development Training
- Networking Training
- Open Source Best Practice Training
- System Administration Training
- System Engineering Training
- Web & Application Development Training
- 2 LFD103-JP クラス フォーラム
- 4 LFD210-CN Class Forum
- 764 LFD259 Class Forum
- 681 LFS101 Class Forum
- 2 LFS158-JP クラス フォーラム
- 162 LFS207 Class Forum
- 3 LFS207-DE-Klassenforum
- 4 LFS207-JP クラス フォーラム
- 61 LFS241 Class Forum
- 52 LFS242 Class Forum
- 42 LFS243 Class Forum
- 19 LFS244 Class Forum
- 4 LFS250-JP クラス フォーラム
- 166 LFS253 Class Forum
- 19 LFS256 Class Forum
- 1.4K LFS258 Class Forum
- 165 LFS261 Class Forum
- 26 LFS267 Class Forum
- 792 Hardware
- 202 Drivers
- 68 I/O Devices
- 37 Monitors
- 95 Multimedia
- 173 Networking
- 91 Printers & Scanners
- 87 Storage
- 768 Linux Distributions
- 81 Debian
- 67 Fedora
- 22 Linux Mint
- 13 Mageia
- 24 openSUSE
- 150 Red Hat Enterprise
- 31 Slackware
- 13 SUSE Enterprise
- 356 Ubuntu
- 465 Linux System Administration
- 31 Cloud Computing
- 73 Command Line/Scripting
- Github systems admin projects
- 98 Linux Security
- 78 Network Management
- 101 System Management
- 46 Web Management
- 105 Mobile Computing
- 18 Android
- 72 Development
- 1.2K New to Linux
- 1K Getting Started with Linux
- 392 Off Topic
- 121 Introductions
- 181 Small Talk
- 29 Study Material
- 940 Programming and Development
- 310 Kernel Development
- 612 Software Development
- 975 Software
- 367 Applications
- 182 Command Line
- 5 Compiling/Installing
- 68 Games
- 317 Installation
- Archived
- 2 LFD140 Class Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)