HELP SSHD crashes on startup

Alex White prata at kuei-jin.org
Thu Dec 2 13:19:33 UTC 2004


John Aldrich wrote:
> On Wednesday 01 December 2004 10:58 pm, Alex White wrote:
> 
>>Have you checked your firewall settings? It really does sound like a
>>firewalling problem. Although you may have tried that already, I don't
>>see it mentioned anywhere. Usually if it's a firewall problem, you'll
>>get a connection refused error though. Depends on the client you are
>>using for sshing into the box. What client -are- you using anyhow?
>>
> 
> Yeah... that's it all right. The guy who runs the local LUG here told me how 
> to disable iptables to test and once I did that, I was able to get right in. 
> Now, all I need to know is how to enable SSH and still have the rest of the 
> iptables running! I'm afraid I never learned how to write iptables (or 
> ipchains for that matter) rules.
>  Thanks
>  John
> 

If you emacs /etc/sysconfig/iptables, you will see some various input. 
From here you can add the following:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

There are going to be some line wrapping issues with that, just type it 
all on one line (don't hit return). The line will wrap automatically 
depending on how big the window is for emacs. Of course use the editor 
of your choice. As a sample of what my /etc/sysconfig/iptables looks 
like, here is a section:

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

Note that the ssh and ftp ports in my iptables setup come -after- the 
rule which allows already established connections out from my machine 
back in. (Alexander can expound upon this if you don't know what the 
deuce I'm talking about, or I will depending on which one of us gets the 
question first hehe).

HTH

Alex White
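
Added example, not part of the original message: a small first-match evaluator for the RH-Firewall-1-INPUT chain, showing why the position of the port 22 line in the file decides whether a new SSH connection gets in. The sample file is constructed; its jump from INPUT and its closing REJECT rule are assumptions about the rest of the file, and with_rule_last is a hypothetical helper.

```python
# Constructed sample in the /etc/sysconfig/iptables format. The three ACCEPT rules are
# the ones quoted above; the INPUT jump and the closing REJECT are assumptions.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
KNOWN = {"-m", "-p", "--state", "--dport", "-j", "--reject-with"}  # subset handled here

def parse_chain(text, chain="RH-Firewall-1-INPUT"):
    """Return the chain's rules in file order, each as an {option: value} dict."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        if len(tok) % 2 or not set(opts) <= KNOWN or ":" in opts.get("--dport", ""):
            raise ValueError("unsupported rule syntax: " + line)  # refuse to guess
        rules.append(opts)
    return rules

def verdict(rules, dport, state="NEW", proto="tcp"):
    """First matching rule wins: return (target, 1-based rule number)."""
    for n, r in enumerate(rules, 1):
        if (r.get("-p", proto) == proto
                and state in r.get("--state", state).split(",")
                and r.get("--dport", str(dport)) == str(dport)):
            return r["-j"], n
    return None, None  # nothing matched; control returns to the calling chain

def with_rule_last(text, needle):
    """Copy of the file with the rule containing `needle` moved just above COMMIT."""
    lines = text.splitlines()
    rule = next(l for l in lines if needle in l)
    lines.remove(rule)
    lines.insert(lines.index("COMMIT"), rule)
    return "\n".join(lines)

if __name__ == "__main__":
    moved = with_rule_last(SAMPLE, "--dport 22 ")
    print("rule in place:     ", verdict(parse_chain(SAMPLE), 22))
    print("rule after REJECT: ", verdict(parse_chain(moved), 22))
```

Run against a copy of the real file, the evaluator raises ValueError on any rule outside the small option subset it understands instead of silently skipping it.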



