Re: iptables problem



On 1/18/07, tamer amr <tamer_linux@xxxxxxxxx> wrote:
> Hi, I have a strange problem.
> Why can any host ssh to me in the first list but not in the second list?
>
> Please, I want to understand this case.

Seeing as how the only difference between the two is a single rule, I
would hope it's obvious where you should be looking.

2 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh

In the first list, you're explicitly allowing "NEW" connections to the
"ssh" port in. In the second list, you're simply allowing traffic for
any already "ESTABLISHED" connections.

Please tell me this makes sense to you.

--
Jeremy L. Gaddis, MCP, GCWN
http://www.linuxwiz.net/
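
The difference described in the reply above, as an added example that is not part of the original message: a small Python model of first-match chain evaluation with connection-tracking states. The two rule lists are constructed for illustration (the poster's full lists are not on this page), assuming an ESTABLISHED rule first and a final REJECT; the conntrack behaviour is simplified to "an inbound packet is ESTABLISHED only after the SYN was accepted".

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    target: str                       # "ACCEPT" or "REJECT"
    states: frozenset = frozenset()   # empty set = match any conntrack state
    proto: str = "all"
    dport: Optional[int] = None       # None = match any destination port

    def matches(self, proto, dport, state):
        return (self.proto in ("all", proto)
                and self.dport in (None, dport)
                and (not self.states or state in self.states))


def verdict(chain, proto, dport, state):
    """Walk the chain top to bottom; the first matching rule decides."""
    for rule in chain:
        if rule.matches(proto, dport, state):
            return rule.target
    return "ACCEPT"  # assumed chain policy; the final REJECT rule fires first


def inbound_connection(chain, dport, packets=3):
    """Replay client packets of one inbound TCP connection attempt.

    Simplification: the first packet (SYN) is NEW. Later packets are
    ESTABLISHED only if the SYN got through, because only then does the
    server reply and conntrack see traffic in both directions. A rejected
    SYN leaves nothing tracked, so each retry is NEW again.
    """
    results, tracked = [], False
    for _ in range(packets):
        state = "ESTABLISHED" if tracked else "NEW"
        result = verdict(chain, "tcp", dport, state)
        results.append((state, result))
        tracked = tracked or result == "ACCEPT"
    return results


# Constructed rule lists (assumptions, not the poster's actual output).
ALLOW_ESTABLISHED = Rule("ACCEPT", frozenset({"RELATED", "ESTABLISHED"}))
ALLOW_NEW_SSH = Rule("ACCEPT", frozenset({"NEW"}), "tcp", 22)
REJECT_ALL = Rule("REJECT")
FIRST_LIST = [ALLOW_ESTABLISHED, ALLOW_NEW_SSH, REJECT_ALL]
SECOND_LIST = [ALLOW_ESTABLISHED, REJECT_ALL]

if __name__ == "__main__":
    for name, chain in (("first", FIRST_LIST), ("second", SECOND_LIST)):
        print(name, inbound_connection(chain, 22))
```

In the second list the ESTABLISHED rule never gets a chance to match inbound ssh, because the opening SYN is rejected and no connection ever reaches that state.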
