On Sat, 16 Feb 2008 14:58:32 +1300 Michael <[EMAIL PROTECTED]> wrote:
> What's not working? Everything?
>
> Just SSH? This is all you really need:
> - iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
>
> If you must use your fancy pants SSH rule, I would suggest inserting (-I) it
> before your drop rules:
> $IPTables -I INPUT -p tcp -i eth0 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> I don't think you need the SSH OUTPUT rule because iptables is a stateful
> firewall.
>
> Clients can't connect to the internet? You have no MASQ rule.
> - iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
>
> Cheers,
> Michael.

Hi Michael,

The problem is that nobody can connect to this server via ssh, and existing connections lock up!

I don't think I need any nat services, as the primary function is to tunnel services from remote clients to this server (and onwards) via ssh. I do need the OUTPUT stuff, as I will be limiting both services and servers that the users can use ):

Cheers,

Steve

--
Steve Holdoway <[EMAIL PROTECTED]>
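
Added example, not part of the thread or either poster's script: when OUTPUT is filtered with a DROP policy, sshd's reply packets need their own ESTABLISHED rule, and the sketch below pairs such a ruleset with a simple check for that return path. `eth0` and port 22 come from the thread; the DROP policies, the function names and the onward server 192.0.2.10:443 are assumptions made for illustration, and the check is a heuristic that ignores rule order.

```shell
#!/bin/sh
# Constructed ruleset in iptables-restore format. eth0 and port 22 are from the
# thread; 192.0.2.10:443 is a made-up example of a permitted onward server.
ssh_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -d 192.0.2.10 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -s 192.0.2.10 --sport 443 -m state --state ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save/-restore text on stdin. Succeeds if sshd's replies can
# leave: either the OUTPUT policy is ACCEPT, or some OUTPUT rule accepts
# ESTABLISHED traffic that is not port-restricted or matches --sport 22.
ssh_replies_allowed() {
  awk '
    /^:OUTPUT ACCEPT/ { ok = 1 }
    /^-A OUTPUT / && /-j ACCEPT/ && /ESTABLISHED/ {
      if ($0 !~ /--[sd]port/ || $0 ~ /--sport 22( |$)/) ok = 1
    }
    END { exit (ok ? 0 : 1) }
  '
}

# Load the rules only when asked to, as root:  sh ruleset.sh apply
if [ "${1:-}" = "apply" ]; then
  ssh_ruleset | ssh_replies_allowed || { echo "no return path for sshd" >&2; exit 1; }
  ssh_ruleset | iptables-restore
fi
```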
