Page last updated:
2003 Mar 10 16:07

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] SSH On Home Network



Jim Angstadt said:
> --- Nino Brown <nino_brown@bad-one.com> wrote:
>> On Mon, 10 Mar 2003, Jim Angstadt wrote:
> My 3 boxes are behind a Netgear FR314 router which has
> a firewall.  I have no idea just how good that
> firewall is.

Having extra rules does offer more security as you have two filters in
place instead of one. However, extra complexity is also created, and
problems can arise as a result. I prefer the control that Linux
iptables/ipchains offers, and would include them as well, just as you
have.


>> I'm not sure if 8.0's firewall runs ipchains or
>> iptables.  You can check
>> by typing "lsmod | grep ipchains".  If you see a
>> line there, then you can
>> disable the firewall by typing "ipchains -F".  If it
>> is running iptables,
>> typing "ipchains -F" should disable it.  Let us know
>> what happens.
> <snip>
>
> Here are 3 lines from lsmod output:
>
> ipt_REJECT              3736   6  (autoclean)
> iptable_filter          2412   1  (autoclean)
> ip_tables              14936   2  [ipt_REJECT iptable_filter]

What was being proposed with the "-F" was to flush all of the firewall
rules from the box. If this is the intent, since you are running iptables,
you can "get there" with:
# iptables -F
Since your default rules for FORWARD, INPUT and OUTPUT are "ACCEPT", this
would likely permit other boxes to ssh to this box. However, this is also
not a permanent fix, but can be useful for testing to verify that the
problem you face is a filtering one.

I would only try this step if the prior step of inserting the rule should
fail.

Also, if you are going to go this far to "zap" all of your firewall rules
permanently, then we can cover not starting the firewall rules at boot
time. (Going to class, be back in 3 hours.)

-ME



-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
  Campus IT(/OS Security): Operating Systems Support Specialist Assistant

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
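
Added example, not part of the original post: a flush removes rules but leaves chain policies in place, so this sketch reads iptables-save output, reports whether a flush would leave ssh reachable, and wraps the flush test in a save/restore. The function names and the sample ruleset are constructed for illustration.

```shell
# Policy of built-in chain $1 in the filter table (iptables-save text on stdin).
chain_policy() {
    awk -v chain="$1" '
        /^\*/ { table = substr($0, 2) }        # "*filter" opens a table section
        table == "filter" && $1 == (":" chain) { print $2; exit }'
}

# After a flush only policies remain: inbound ssh needs INPUT and OUTPUT at ACCEPT.
after_flush() {
    saved=$(cat)
    if [ "$(printf '%s\n' "$saved" | chain_policy INPUT)" = ACCEPT ] &&
       [ "$(printf '%s\n' "$saved" | chain_policy OUTPUT)" = ACCEPT ]; then
        echo open
    else
        echo blocked
    fi
}

# Reversible flush test (needs root, so it is defined but not called here).
flush_for_test() {
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    if [ "$(after_flush < "$backup")" != open ]; then
        echo "policy is not ACCEPT: a flush would block ssh, not allow it" >&2
        return 1
    fi
    iptables -F
    printf 'Test ssh from another box, then press Enter to restore the rules. '
    read -r _
    iptables-restore < "$backup" && rm -f "$backup"
}

# Constructed sample: ACCEPT policies with a catch-all REJECT at the end of INPUT.
SAMPLE_ACCEPT='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
# Same rules with the INPUT policy set to DROP.
SAMPLE_DROP=$(printf '%s\n' "$SAMPLE_ACCEPT" | sed 's/^:INPUT ACCEPT/:INPUT DROP/')
```

Restoring from the saved file puts the original filtering back once the ssh test has shown whether the firewall was the cause.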


