Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I am in the process of revamping the firewall. I just took over the IT Department and am trying to weed out the "crap".
My Q is this: I want to allow SSH2 through the "for now" firewall and to a backend server. I went into the existing script and entered the following iptables command:
This should work shouldn't it? Incoming connection from external IP forward to internal IP server SSH.
A buddy of mine tried to login remotely and got Connection Refused. I tried from the internal network to the external IP (not the same one I am on) and I got a connection, asked me for the username and password ... I entered those and it came back as bad login, would you like to try again. I know the username and passwords are correct. Do I need to open any other port than 22?
Do I have the above correct? Maybe that is my problem. Any help is appreciated. I am starting to understand iptables, still a ways to go though.
Oh, sorry, one more thing. This rule iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT if it came before the above, would it disregard the above and take this one because it is first? This looks like SSH to the firewall. Am I right?
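The rules the question is about, written out as an added example (this is not the original poster's script, which the page does not show). It forwards inbound SSH from the firewall's public address to an internal host and keeps the two questions in the post apart: the DNAT plus FORWARD rules handle forwarded traffic, while an INPUT rule only governs SSH that terminates on the firewall itself. The addresses 203.0.113.10 and 192.168.1.20, the function names, and the dry-run default (the script prints the iptables commands unless IPT=iptables is set) are assumptions for the example.

```shell
#!/bin/sh
# Added example, not the original poster's firewall script.
# Dry-run by default: prints the commands. Run with IPT=iptables as root to apply.
IPT="${IPT:-echo iptables}"
EXT_IP="${EXT_IP:-203.0.113.10}"   # assumed public address of the firewall
INT_IP="${INT_IP:-192.168.1.20}"   # assumed internal SSH server

# Port-forward SSH from EXT_IP to INT_IP.
forward_ssh() {
    # 1. nat/PREROUTING rewrites the destination BEFORE the routing decision,
    #    so the packet is routed to INT_IP and traverses FORWARD, never INPUT.
    #    -d must be the address the packet actually arrives on; a DNAT rule
    #    for a secondary address silently misses traffic sent to the primary one.
    $IPT -t nat -A PREROUTING -d "$EXT_IP" -p tcp --dport 22 \
        -j DNAT --to-destination "$INT_IP:22"
    # 2. filter/FORWARD sees the packet with its post-DNAT destination,
    #    so match on INT_IP here, not on EXT_IP.
    $IPT -A FORWARD -d "$INT_IP" -p tcp --dport 22 \
        -m conntrack --ctstate NEW -j ACCEPT
    # 3. Replies from INT_IP and everything else already tracked, both directions.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# SSH to the firewall itself. This rule lives in INPUT, which forwarded
# packets never reach, so its position relative to forward_ssh's rules
# changes nothing for the forwarded connection. Only add it if you actually
# want to administer the firewall over SSH from outside.
ssh_to_firewall() {
    $IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
}

forward_ssh
```

Within one chain the first matching rule decides, so in a script that already ends with a catch-all DROP or REJECT these rules must be added with -I (insert) or placed before it; `iptables -L FORWARD -n -v --line-numbers` and `iptables -t nat -L PREROUTING -n -v` show the order and the packet counters, which is the quickest way to see whether a connection attempt is hitting the rule at all. One general caveat: clients on the internal network that connect to the public address go through the same DNAT, but the server's replies go straight back to them on the LAN unless the firewall also SNATs or masquerades those hairpin connections.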
I am guessing "Get a book" means "You have it wrong and I am not going to tell you, figure it out yourself" or was that forum lingo meaning "I don't know".
I don't mean to be snarky but I don't have time to run out to get the book. I figured I could get help on this and THEN get a book. I guess I misunderstood what forums were for. I thought they are here to help people in need, not to promote books.
If anyone else has any other help I would greatly appreciate it. Pointing me to a book was not the answer I was hoping for.
I did get rid of the iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT and I changed the IP to our primary one. For some reason, the people who built the firewall in the first place had things weird. Oh well.
I thank you again because everything works 100% now.
No, get a book means get a book because it has a reputation as a good book and will give you some in-depth knowledge you could use if you are working with firewalls!!!!!!!!
Thanks Atrosity but I think that I could have figured out myself to get a book. If I figured that it would be quicker and more efficient to get it then I would. But like I said in my previous post, forums are for helping people in need, not to promote books. If you want to, fine, but make sure you answer the question in need as well.
Just telling people to "Buy a book" doesn't help anyone. Help is why we go to forums. You could learn a lot from benjithegreat98's post.
How are technology books a waste of money, that is the dumbest thing I have ever heard!! You have to have a base of something outdated before you can build upon that knowledge in order to create new technologies!!! You get that base from books and working with the current technologies before you can create a new one!!
You're missing the point (as I suspected you might).
By the time a book makes it to print and to the store shelves and in your little hands it's already outdated (read: largely incomplete to useless) information.
If you want to spend $40-$80 USD for something of very little practical application (other than slaughtering trees to print them on), go right ahead. I'll get my information from the electronic manuals and howtos and google and forums and spend the money I've saved on hardware (or beer or whatever).
I'm inclined to agree with Atrocity on the usefulness of books. You can learn some from the on-line manuals and such but for a thorough explanation of how something works you should get the book. A book won't really be obsolete at the rate you are saying. I know you are exaggerating, but I still have some old books out of college that are useful. Some are not. Usually books will give you better ideas about the 'best practice' which is useful because if the program changes slightly you can still have an understanding of what you need to accomplish by reading what has changed instead of looking for someone to hold your hand because you do not have as good a comprehension of the subject as you could.
To each his own I suppose ... For me, they're a waste. There are a few rare exceptions of course (The K&R C books for example), but those exceptions are few and far between. I can't recall the last thing I needed my hand held with though, so I guess maybe I'm a bad example.
Just to clarify, I wasn't directing the hand holding bit at you or any one in particular. I've taken short cuts to find quick answers to solve my problem and then the next change that came along I was lost again. I needed to find a thread to hold my hand to get it fixed right. But after doing that a bunch of times I tried to learn the subject thoroughly. Fortunately, places like this exist.