more on non-working ssh
Dan Day
yellowdog-general@lists.terrasoftsolutions.com
Tue Mar 30 13:10:27 2004
> Now it's sounding more and more like a firewall issue.
>
> # iptables --list
>
> should show "policy ACCEPT" for INPUT, FORWARD and OUTPUT. If not,
> turn it off with "/etc/init.d/iptables stop".
Thanks Bill! The "iptables --list" did show "policy ACCEPT" for those
three but beneath that there were a bunch of other ACCEPT and REJECT
statements. I did the "/etc/init.d/iptables stop" which cleared
everything and then I was able to connect. I'll be sure to read the man
pages for iptables but can anyone tell me how these other lines were
added? Here's what iptables --list showed before clearing it:
------------
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Lokkit-0-50-INPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:ntp dpt:ntp
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
---------------
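
Added example, not part of the original post: a small Python check that walks the listing above and reports which rule decides a new connection to a given port, showing why "policy ACCEPT" alone did not mean ssh (tcp/22) was allowed. The function names and the SERVICES map are this example's own; rows with no visible port match, such as the bare "ACCEPT all" row, are skipped on the assumption that they carry an interface match that "iptables --list" only shows with -v.

```python
import re
SERVICES = {"ntp": 123, "nfs": 2049, "x11": 6000, "xfs": 7100}  # names per /etc/services
# Listing from the post, wrapped lines rejoined; column headers and empty chains omitted.
LISTING = """\
Chain INPUT (policy ACCEPT)
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain RH-Lokkit-0-50-INPUT (1 references)
ACCEPT udp -- anywhere anywhere udp spt:ntp dpt:ntp
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
"""

def parse(listing):
    """Return {chain: (policy or None, [(target, proto, match_text), ...])}."""
    chains, cur = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)\)", line)
        if head:
            cur = head.group(1)
            chains[cur] = (head.group(2), [])
        elif cur and line.strip() and not line.startswith("target"):
            f = line.split()  # target prot opt source destination [match...]
            chains[cur][1].append((f[0], f[1], " ".join(f[5:])))
    return chains

def covers(match, dport):
    """True/False when the row's dpt match decides it; None when the listing cannot."""
    m = re.search(r"dpts?:(\w+)(?::(\w+))?", match)
    if not m or "spt" in match:
        return None  # -i/-o is hidden without -v, and the client's source port is unknown
    lo, hi = (int(SERVICES.get(p, p)) for p in (m.group(1), m.group(2) or m.group(1)))
    return lo <= dport <= hi

def verdict(chains, chain, proto, dport):
    """First rule with a visible port match for a new connection, else the chain policy."""
    policy, rules = chains[chain]
    for target, rproto, match in rules:
        hit = covers(match, dport) if rproto in ("all", proto) else False
        if target in chains and hit is not False:  # jump into a user-defined chain
            found = verdict(chains, target, proto, dport)
            if found:
                return found
        elif target not in chains and hit:
            return target, chain, match
    return (policy, chain, "policy") if policy else None
```

verdict(parse(LISTING), "INPUT", "tcp", 22) lands on the "REJECT tcp dpts:0:1023" row in RH-Lokkit-0-50-INPUT, while an unprivileged port such as 8080 falls through to the INPUT policy. Running "iptables --list -v -n" on the host shows the interface columns and numeric ports that this listing leaves out.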