[Shorewall-users] ssh to local servers

Matthew Simpson msimpson at market-research.com
Sun Aug 17 01:16:42 PDT 2003


Hi All,

I have just set up shorewall with the 'two-interfaces.tar.gz' but I 
can't seem to ssh to any of my local servers. What do I need to add 
to my /etc/shorewall/rules to allow me to ssh to say 192.168.10.12 ?

Thanks,

Matt

Here is my iptables output:

# iptables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source               destination
     0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
   131 20289 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   731 72671 ppp0_in    all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
   499 60709 eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
     0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
     0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source               destination
     0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
    32  6036 ppp0_fwd   all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
    33  5229 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
     0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
     0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 1 packets, 80 bytes)
  pkts bytes target     prot opt in     out     source               destination
     0     0 DROP      !icmp --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
     0     0 ACCEPT     udp  --  *      ppp0    0.0.0.0/0            0.0.0.0/0          udp dpts:67:68
   131 20289 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
   851 56734 fw2net     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
   328 39648 fw2loc     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
     0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
     0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain all2all (3 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
   501 60816 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
     3   164 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
     3   164 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain common (5 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 icmpdef    icmp --  *      *       0.0.0.0/0            0.0.0.0/0
   508 61432 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpts:137:139
     0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:445
     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:139
     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:445
     3   144 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:135
     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:1900
     0     0 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255
     0     0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/4
     0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:113
     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:53 state NEW
     0     0 DROP       all  --  *      *       0.0.0.0/0            192.168.10.255

Chain dynamic (4 references)
  pkts bytes target     prot opt in     out     source               destination

Chain eth0_fwd (1 references)
  pkts bytes target     prot opt in     out     source               destination
    33  5229 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    33  5229 loc2net    all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0

Chain eth0_in (1 references)
  pkts bytes target     prot opt in     out     source               destination
   499 60709 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
   499 60709 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2loc (1 references)
  pkts bytes target     prot opt in     out     source               destination
   325 39484 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
     3   164 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
  pkts bytes target     prot opt in     out     source               destination
   835 55676 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:53
    13   830 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:53
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:22
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:22
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:80
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:123
     3   228 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:123
     0     0 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain icmpdef (1 references)
  pkts bytes target     prot opt in     out     source               destination

Chain loc2fw (1 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:53
     1    57 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:53
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:22
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:22
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:80
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:123
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:123
   498 60652 all2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain loc2net (1 references)
  pkts bytes target     prot opt in     out     source               destination
    24  4627 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     9   602 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logdrop (30 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2all (2 references)
  pkts bytes target     prot opt in     out     source               destination
    32  6036 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
    23  3532 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    10  2608 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
    10  2608 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain net2fw (1 references)
  pkts bytes target     prot opt in     out     source               destination
   707 69079 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
     0     0 newnotsyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp flags:!0x16/0x02
     1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:22
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:22
     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:873
    23  3532 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain newnotsyn (7 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ppp0_fwd (1 references)
  pkts bytes target     prot opt in     out     source               destination
    32  6036 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
    32  6036 net2all    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain ppp0_in (1 references)
  pkts bytes target     prot opt in     out     source               destination
   731 72671 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpts:67:68
    24  3592 rfc1918    all  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW
   731 72671 net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain reject (10 references)
  pkts bytes target     prot opt in     out     source               destination
     4   204 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          reject-with tcp-reset
   510 61536 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          reject-with icmp-port-unreachable

Chain rfc1918 (2 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 RETURN     all  --  *      *       255.255.255.255      0.0.0.0/0
     0     0 DROP       all  --  *      *       169.254.0.0/16       0.0.0.0/0
     0     0 logdrop    all  --  *      *       172.16.0.0/12        0.0.0.0/0
     0     0 logdrop    all  --  *      *       192.0.2.0/24         0.0.0.0/0
     0     0 logdrop    all  --  *      *       192.168.0.0/16       0.0.0.0/0
     0     0 logdrop    all  --  *      *       0.0.0.0/7            0.0.0.0/0
     0     0 logdrop    all  --  *      *       2.0.0.0/8            0.0.0.0/0
     0     0 logdrop    all  --  *      *       5.0.0.0/8            0.0.0.0/0
     0     0 logdrop    all  --  *      *       7.0.0.0/8            0.0.0.0/0
     0     0 logdrop    all  --  *      *       10.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       23.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       27.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       31.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       36.0.0.0/7           0.0.0.0/0
     0     0 logdrop    all  --  *      *       39.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       41.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       42.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       49.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       50.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       58.0.0.0/7           0.0.0.0/0
     0     0 logdrop    all  --  *      *       60.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       70.0.0.0/7           0.0.0.0/0
     0     0 logdrop    all  --  *      *       72.0.0.0/5           0.0.0.0/0
     0     0 logdrop    all  --  *      *       83.0.0.0/8           0.0.0.0/0
     0     0 logdrop    all  --  *      *       84.0.0.0/6           0.0.0.0/0
     0     0 logdrop    all  --  *      *       88.0.0.0/5           0.0.0.0/0
     0     0 logdrop    all  --  *      *       96.0.0.0/3           0.0.0.0/0
     0     0 logdrop    all  --  *      *       127.0.0.0/8          0.0.0.0/0
     0     0 logdrop    all  --  *      *       197.0.0.0/8          0.0.0.0/0
     0     0 logdrop    all  --  *      *       198.18.0.0/15        0.0.0.0/0
     0     0 logdrop    all  --  *      *       201.0.0.0/8          0.0.0.0/0
     0     0 logdrop    all  --  *      *       240.0.0.0/4          0.0.0.0/0

Chain shorewall (0 references)
  pkts bytes target     prot opt in     out     source               destination
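
Added example, not part of the original post: a small tracer that walks a new SSH connection through an excerpt of the dump above to show which rule decides it. It assumes the session starts on the firewall itself (OUTPUT via eth0), which the post does not state; the function names and packet fields are hypothetical.

```python
import re
# Excerpt of the dump posted above, wrapped lines rejoined. Only rules on the
# OUTPUT path that could match a TCP SYN are kept; address columns are ignored.
DUMP = """Chain OUTPUT (policy DROP 1 packets, 80 bytes)
   328 39648 fw2loc     all  --  *      eth0    0.0.0.0/0  0.0.0.0/0
Chain fw2loc (1 references)
   325 39484 ACCEPT     all  --  *      *       0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
     3   164 all2all    all  --  *      *       0.0.0.0/0  0.0.0.0/0
Chain all2all (3 references)
   501 60816 common     all  --  *      *       0.0.0.0/0  0.0.0.0/0
     3   164 LOG        all  --  *      *       0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
     3   164 reject     all  --  *      *       0.0.0.0/0  0.0.0.0/0
Chain common (5 references)
     3   144 reject     tcp  --  *      *       0.0.0.0/0  0.0.0.0/0  tcp dpt:135
Chain reject (10 references)
     4   204 REJECT     tcp  --  *      *       0.0.0.0/0  0.0.0.0/0  reject-with tcp-reset"""

def parse(dump):
    chains = {}
    for line in dump.splitlines():
        f = line.split(None, 9) + [""]
        if f[0] == "Chain":
            cur = chains.setdefault(f[1], [])
        elif len(f) >= 10:
            cur.append((f[2], f[3], f[6], f[9]))  # target, prot, out, match text
    return chains

def matches(rule, pkt):
    _, prot, out, extra = rule
    state = re.search(r"state (\S+)", extra)
    dpt = re.search(r"dpt:(\d+)", extra)
    return (prot in ("all", pkt["proto"]) and out in ("*", pkt["out"])
            and (not state or pkt["state"] in state.group(1).split(","))
            and (not dpt or int(dpt.group(1)) == pkt["dpt"]))

def trace(chains, chain, pkt, path):
    for rule in chains[chain]:
        if matches(rule, pkt):
            path.append(f"{chain}:{rule[0]}")
            if rule[0] in chains:          # jump into a user-defined chain
                if verdict := trace(chains, rule[0], pkt, path):
                    return verdict
            elif rule[0] != "LOG":         # LOG records the packet and continues
                return rule[0]
    return None                            # end of chain: return to the caller

def ssh_from_firewall(state="NEW"):
    pkt, path = {"proto": "tcp", "out": "eth0", "state": state, "dpt": 22}, []
    return trace(parse(DUMP), "OUTPUT", pkt, path), path
```

The trace ends in `reject` by way of `all2all`, because `fw2loc` in the dump has no ACCEPT for `tcp dpt:22`. Under the same assumption, a rule from the firewall zone to `loc:192.168.10.12` for TCP port 22 is the narrow entry that would change that.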

