Hello all.
Just upgraded to 1.9.2.7-4 and activated dropbear ssh deamon. Now i want to access it from wan, but i can not get it to work. (cause probably lack of knowledge in the iptables part)
This is the rule i have in my iptables :
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
logdrop all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
logdrop all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
logdrop all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere limit: avg 1/sec burst 5 icmp echo-request
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:11747
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:12797
ACCEPT tcp -- anywhere 192.168.1.100 tcp dpt:6881
ACCEPT udp -- anywhere 192.168.1.100 udp dpt:6881
ACCEPT tcp -- anywhere 192.168.1.1 tcp dpt:ssh
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain MACS (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
logdrop all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
Chain logaccept (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT all -- anywhere anywhere
Chain logdrop (4 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP'
DROP all -- anywhere anywhere
is this correct?
thanks
Reply With Quote
Junior Member
Posting Permissions