l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2003 Mar 10 16:07

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] SSH On Home Network
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] SSH On Home Network

Jim Angstadt said:
> --- Nino Brown <nino_brown@bad-one.com> wrote:
>> On Mon, 10 Mar 2003, Jim Angstadt wrote:
> My 3 boxes are behind a Netgear FR314 router which has
> a firewall.  I have no idea just how good that
> firewall is.

Having extra rules does offer more security as you have two filters in
place instead of one. However, extra complexity is also created, and
problems can arise as a result. I prefer the control that Linux
iptables/ipchains offers, and would include them as well, just as you

>> I'm not sure if 8.0's firewall runs ipchains or
>> iptables.  You can check
>> by typing "lsmod | grep ipchains".  If you see a
>> line there, then you can
>> disable the firewall by typing "ipchains -F".  If it
>> is running iptables,
>> typing "ipchains -F" should disable it.  Let us know
>> what happensi.
> <snip>
> Here are 3 lines from lsmod output:
> ipt_REJECT              3736   6  (autoclean)
> iptable_filter          2412   1  (autoclean)
> ip_tables              14936   2  [ipt_REJECT
> iptable_filter]

What was being proposed, with the "-F" was to flush all of the firewall
rules from the box. If this is the intent, since you are running iptables,
you can "get there" with:
# iptables -F
Since your deafult rules for FORWARD, INPUT and OUTPUT are "ACCEPT", this
would likely permit other boxes to ssh to this box. However, this is also
not a permanent fix, but can be useful for testing to verify that the
problem you face is a filtering one.

I would only try this step if the prior step of inserting the rule should

Also, if you are going to go this far to "zap" all of your firewall rules
permanently, then we can cover not starting the firewall rules at boot
time. (Going to class, be back in 3 hours.)


Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
  Campus IT(/OS Security): Operating Systems Support Specialist Assistant

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.