iptables (Re: Connection Refused on ssh)

[John Heim]

At 11:22 AM 10/7/2004, Mike Gorse you wrote:
>Also, are you sure that sshd is running on the machine (ie, pidof sshd 
>returns something)?  If so, then try using ipchains or iptables to make 
>sure it isn't being firewalled.  At one point we had a RH box at work on 
>which I was trying to enable ssh, but the person who installed rh had 
>selected an option for a firewall, so I wound up needing to edit a file in 
>/etc/sysconfig (the file did say that manually editing it was not 
>recommended, but it didn't say how I was supposed to edit it if not 
>manually) to tell it to accept connections on port 22 as it did for 23 and 
>others.


You can run  netconfig. It would allow you to allow ssh connections through 
your firewall. When you exit, it saves it's settings in 
/etc/sysconfig/iptables. That file is the one that says you shouldn't edit 
it manually.

That netconfig program is pretty limited in what it can do.   And the file 
it creates has the same format as iptables-save.  So what you can do is 
issue iptables commands until you've got your firewall configured just the 
way you want it thand do this:

$ iptables-save > /etc/sysconfig/iptables

The next time you reboot, your firewall will be just like it was when you 
issued the above command.