Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How to route outgoing connection via Floating IP Question Question
SFO2 region packet loss / Telia issue? Question Question

Question

iptables ssh not working

Posted September 24, 2018 2.4k views
NetworkingUbuntu 18.04

First I connected to server B’s vpn and ssh into server B from my local machine. Then I continue ssh into server A but fail.
Machine B with VPN and machine A both with private network setup. I’ve checked my ip when I connected to the vpn, the ip is machine B’s public ip.

The iptable rules are as follow:
(A)
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
sudo iptables -A INPUT -p tcp -s <server B private ip> –dport 22 -i eth1 -j ACCEPT
sudo iptables -A OUTPUT -p tcp -d <server B private ip> –sport 22 -o eth1 -m state –state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT

(B) openvpn
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
sudo iptables -A INPUT -p tcp -s <server A private ip> –dport 22 -i eth1 -j ACCEPT
sudo iptables -A OUTPUT -p tcp -d <server A private ip> –sport 22 -o eth1 -m state –state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -I OUTPUT -o eth0 -d 0.0.0.0/0 -j ACCEPT
sudo iptables -I INPUT -i eth0 -m state –state ESTABLISHED,RELATED -j ACCEPT

What I’m trying to achieve is ssh from machine B into machine A with private network ip while connecting to machine’s B openvpn.

No other firewall setup because I am testing the behavior of iptable with openvpn. Anyone can help to explain? Thanks.

Add a comment
mefav
By:
mefav

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How to route outgoing connection via Floating IP Question Question
SFO2 region packet loss / Telia issue? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
jarland September 24, 2018

Hey friend!

That is a tough one. I’ll try to offer any help that I can to surface the issue. I think we can simplify this a bit by removing the VPN logic from the thought process at least. Once connected to B over SSH, the connection you are troubleshooting is from B to A. The theory being that this would work or fail regardless of whether or not you were connected to or needed the VPN to connect to SSH on B, as the connection is purely B -> A at that stage. With that as a framework, we can reduce the question to this:

Why can’t B connect to A’s SSH server over private network?

So then I would ask:

  1. Are you certain that the private network is properly configured and functional on both machines?
  2. Are they able to ping each other over the private network?
  3. Is your VPN assigning client space in the IP range of the private network for either machine?

Hopefully this at least exposes a path for further troubleshooting.

Jarland

Reply Report
mefav September 25, 2018

I’ve check and notice none of the arp entry is private network address and using private network interface. Is this normal? Is this the reason of the connection not working?

Reply Report

Related

Looking for something else?

Ask a new question Search for more help