Vidar Tyldum Hansen wrote:
> http://tyldum.com/iptables.save.txt

I removed the counters, they were only in the way, and this sort of stuck out at me;

-A OUTPUT -o eth1 -j admin_ut
-A OUTPUT -o eth3 -j felles_ut
-A OUTPUT -o eth2 -j sosial_ut
-A OUTPUT -o eth5 -j internett_ut
-A OUTPUT -o eth0 -j radio_ut
-A OUTPUT -o eth6 -j dmz_ut
-A OUTPUT -o eth4 -j elev_ut

if you're not going to filter output, why define rules that jump to empty tables?

similarly, you only filter packages from the internet on input.. I would prefer filtering everything in/out on every interface, and only allow the traffic you want in.. (see http://www.ranum.com/security/computer_security/editorials/dumb/)

http://84.234.141.4/fw - this is my setup..

anyhoo.. back to your problem.. I can't see anything in your iptables that should cause your problem.. I do however note you use tc to shape student traffic.. does the ssh problem go away if you (temporarily) remove shaping? if no, I would suggest making a new setup, without all the extra chains.. you know, just to test :)

Cheers,
--
Morten
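
The two observations in the message above (jumps into chains that hold no rules, and built-in chains left at a permissive policy) can be checked mechanically against iptables-save output. The following is an added example, not part of the original message: the function name audit and the sample ruleset are constructed for illustration, with chain names borrowed from the rules quoted in the message.

```python
import shlex
from collections import defaultdict
# Constructed sample in iptables-save format (not the poster's real ruleset);
# chain names are borrowed from the rules quoted in the message.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:admin_ut - [0:0]
:elev_ut - [0:0]
:internett_ut - [0:0]
-A OUTPUT -o eth1 -j admin_ut
-A OUTPUT -o eth4 -j elev_ut
-A OUTPUT -o eth5 -j internett_ut
-A internett_ut -p tcp -m tcp --dport 25 -j DROP
COMMIT
"""

def audit(save_text):
    """Return (jumps into rule-less user chains, built-in chains with ACCEPT policy)."""
    policies = {}               # (table, chain) -> policy; "-" marks a user-defined chain
    rules = defaultdict(list)   # (table, chain) -> token lists of its -A rules
    table = None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("["):            # drop a leading [pkts:bytes] counter prefix
            line = line.split("]", 1)[1].strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[(table, name)] = policy
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            rules[(table, tokens[1])].append(tokens)
    empty_jumps = []
    for (tbl, chain), chain_rules in rules.items():
        for tokens in chain_rules:
            for flag in ("-j", "-g"):
                if flag in tokens[:-1]:
                    target = tokens[tokens.index(flag) + 1]
                    if policies.get((tbl, target)) == "-" and not rules.get((tbl, target)):
                        empty_jumps.append((tbl, chain, target))
    open_builtin = sorted((t, c) for (t, c), p in policies.items() if p == "ACCEPT")
    return empty_jumps, open_builtin
```

Feeding it the text of a real iptables-save dump instead of SAMPLE lists every jump that ends in a chain with no rules, per table.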
