iptables firewall rules not allowing ssh from lan to DMZ

Posted by ageis23 on Super User
Published on 2011-01-10T21:14:32Z Indexed on 2011/01/10 21:55 UTC

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere            tcp dpt:www reject-with tcp-reset 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:telnet reject-with tcp-reset 
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED 
DROP       udp  --  anywhere             anywhere            udp dpt:route 
DROP       udp  --  anywhere             anywhere            udp dpt:route 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:route 
logdrop    icmp --  anywhere             anywhere            
logdrop    igmp --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             anywhere            udp dpt:5060 
ACCEPT     0    --  anywhere             anywhere            state NEW 
logaccept  0    --  anywhere             anywhere            state NEW 
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            
logdrop    0    --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     0    --  192.168.0.0/24       192.168.2.0/24      reject-with icmp-port-unreachable 
ACCEPT     tcp  --  choister             192.168.2.142       tcp dpt:ssh state NEW 
REJECT     0    --  192.168.0.0/24       192.168.3.0/24      reject-with icmp-port-unreachable 
ACCEPT     gre  --  192.168.1.0/24       anywhere            
ACCEPT     tcp  --  192.168.1.0/24       anywhere            tcp dpt:1723 
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
lan2wan    0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED 
logaccept  tcp  --  anywhere             choister            tcp dpt:www 
TRIGGER    0    --  anywhere             anywhere            TRIGGER type:in match:0 relate:0 
trigger_out  0    --  anywhere             anywhere            
logaccept  0    --  anywhere             anywhere            state NEW 
logdrop    0    --  anywhere             anywhere            

The ssh server I'm trying to connect to is in the DMZ (192.168.0.145). It's mainly used as a web server. I need access to it from my room, 192.168.2.142. I don't get why ssh can't forward onto the 192.168.2.0 subnet? I'm sure it's the reject rule that's causing this, because it works without it.
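What the FORWARD chain above does to an ssh connection from 192.168.2.142 to 192.168.0.145 is a rule-ordering question, so here is a small first-match simulation of that chain. This is an added example, not code from the question or from the router firmware; it assumes that the hostname choister resolves to the DMZ host 192.168.0.145 (it is the destination of the dpt:www logaccept rule and the question says the ssh server is mainly a web server), it omits the bare "anywhere anywhere" ACCEPT rules whose interface matches are hidden because the listing was taken without -v, it treats the logaccept user chain as a plain ACCEPT, and the ephemeral client port in the reply packet is a constructed value.

```python
"""First-match simulation of the posted iptables FORWARD chain (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: Optional[int] = None
    state: str = "NEW"          # conntrack state as "-m state" would classify it


@dataclass(frozen=True)
class Rule:
    target: str                 # ACCEPT, REJECT, DROP (user chains simplified to these)
    src: str = ANY
    dst: str = ANY
    proto: Optional[str] = None
    dport: Optional[int] = None
    states: Optional[FrozenSet[str]] = None

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.states is not None and pkt.state not in self.states:
            return False
        return True


def verdict(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """iptables semantics: the first matching terminating rule wins, else the chain policy."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


DMZ_SSH_SERVER = "192.168.0.145"   # from the question
ROOM_PC = "192.168.2.142"          # from the question
CHOISTER = DMZ_SSH_SERVER          # assumption: 'choister' is the DMZ web/ssh host

# Rules transcribed from the posted listing, in the order printed.
REJECT_DMZ_TO_ROOM = Rule("REJECT", src="192.168.0.0/24", dst="192.168.2.0/24")
SSH_NEW = Rule("ACCEPT", src=CHOISTER, dst=ROOM_PC, proto="tcp", dport=22,
               states=frozenset({"NEW"}))
ESTABLISHED = Rule("ACCEPT", states=frozenset({"RELATED", "ESTABLISHED"}))
ANY_NEW = Rule("ACCEPT", states=frozenset({"NEW"}))   # 'logaccept ... state NEW' on the page
LOGDROP = Rule("DROP")                                # final 'logdrop' on the page

# As posted: the subnet REJECT sits above the conntrack ACCEPT.
FORWARD_AS_POSTED = [REJECT_DMZ_TO_ROOM, SSH_NEW, ESTABLISHED, ANY_NEW, LOGDROP]
# Conventional order: let replies of tracked connections through before any subnet REJECT.
FORWARD_FIXED = [ESTABLISHED, REJECT_DMZ_TO_ROOM, SSH_NEW, ANY_NEW, LOGDROP]


def trace_ssh(chain: List[Rule]) -> Tuple[str, str]:
    """Verdicts for the client's SYN and for the server's SYN-ACK reply."""
    syn = Packet(ROOM_PC, DMZ_SSH_SERVER, "tcp", 22, "NEW")
    # Reply travels DMZ -> room; dport 40000 is a constructed ephemeral port.
    syn_ack = Packet(DMZ_SSH_SERVER, ROOM_PC, "tcp", 40000, "ESTABLISHED")
    return verdict(chain, syn), verdict(chain, syn_ack)


if __name__ == "__main__":
    for name, chain in (("as posted", FORWARD_AS_POSTED), ("fixed", FORWARD_FIXED)):
        out, back = trace_ssh(chain)
        print(f"{name:10s} SYN room->dmz: {out:7s} SYN-ACK dmz->room: {back}")
```

Run as posted, the client's SYN is forwarded (the generic state NEW accept lower in the chain takes it), but the server's SYN-ACK back to 192.168.2.142 matches the 192.168.0.0/24 to 192.168.2.0/24 REJECT before the RELATED,ESTABLISHED rule is ever consulted, so the router answers the DMZ host with an ICMP port-unreachable and the client just hangs. The conntrack accept is what makes a one-way subnet REJECT safe: put it first (for example `iptables -I FORWARD 1 -m state --state RELATED,ESTABLISHED -j ACCEPT`) and the REJECT only ever blocks connections the DMZ initiates. Separately, if choister is indeed the DMZ host, the dpt:ssh ACCEPT as printed permits NEW ssh from choister to the room PC, which is the reverse of the connection being attempted; listing the chain with `iptables -L FORWARD -v -n` shows the interface matches and per-rule packet counters that make these two points visible.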
