Vidar Tyldum Hansen wrote:
> http://tyldum.com/iptables.save.txt

I removed the counters, they were only in the way, and this sort of 
stuck out at me;

-A OUTPUT -o eth1 -j admin_ut
-A OUTPUT -o eth3 -j felles_ut
-A OUTPUT -o eth2 -j sosial_ut
-A OUTPUT -o eth5 -j internett_ut
-A OUTPUT -o eth0 -j radio_ut
-A OUTPUT -o eth6 -j dmz_ut
-A OUTPUT -o eth4 -j elev_ut

if you're not going to filter output, why define rules that jump to 
empty tables?

similarly, you only filter packages from the internet on input..
I would prefer filtering everything in/out on every interface, and only 
allow the traffic you want in..
(see http://www.ranum.com/security/computer_security/editorials/dumb/)

http://84.234.141.4/fw - this is my setup..

anyhoo.. back to your problem..
I can't see anything in your iptables that should cause your problem.. I 
do however note you use tc to shape student traffic.. does the ssh 
problem go away if you (temporarily) remove shaping?

if no, I would suggest making a new setup, without all the extra 
chains.. you know, just to test :)

Cheers,
-- 
Morten
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
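
An added example, not part of the original message or of either poster's setup: a small check over iptables-save output that lists rules jumping to user-defined chains with no rules in them, and built-in chains whose default policy is ACCEPT, the two things the reply points out. The sample ruleset is constructed; only the chain names admin_ut and internett_ut and their interfaces come from the post, the rest (internett_inn, the policies) is assumed.

```python
import shlex

# Constructed sample in iptables-save format (not the poster's real file).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:admin_ut - [0:0]
:internett_ut - [0:0]
:internett_inn - [0:0]
-A INPUT -i eth5 -j internett_inn
-A OUTPUT -o eth1 -j admin_ut
-A OUTPUT -o eth5 -j internett_ut
-A internett_inn -m state --state RELATED,ESTABLISHED -j ACCEPT
-A internett_inn -j DROP
COMMIT
"""

def audit(save_text):
    """Return (rules jumping to empty chains, built-in chains with ACCEPT policy)."""
    empty_jumps, open_policies = [], []
    table, chains, jumps = None, {}, []
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("["):              # "[pkts:bytes] -A ..." from iptables-save -c
            line = line.split("] ", 1)[-1]
        if line.startswith("*"):              # start of a table section
            table, chains, jumps = line[1:], {}, []
        elif line.startswith(":"):            # ":CHAIN POLICY [counters]", "-" = user chain
            name, policy = line[1:].split()[:2]
            chains[name] = {"policy": policy, "rules": 0}
        elif line.startswith("-A "):
            args = shlex.split(line)
            chains.setdefault(args[1], {"policy": "-", "rules": 0})["rules"] += 1
            for flag in ("-j", "--jump", "-g", "--goto"):
                if flag in args[:-1]:
                    jumps.append((args[args.index(flag) + 1], line))
        elif line == "COMMIT":                # table complete: evaluate it
            for target, rule in jumps:
                c = chains.get(target)        # None for ACCEPT/DROP/LOG etc.
                if c and c["policy"] == "-" and c["rules"] == 0:
                    empty_jumps.append((table, rule))
            open_policies += [(table, n) for n, c in chains.items() if c["policy"] == "ACCEPT"]
    return empty_jumps, open_policies

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To run it against a live ruleset, pass the text produced by iptables-save to audit() instead of SAMPLE.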