HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


v2k 31st December 2008 09:35

chrooted ssh guide killed perforce
 
I tried following this guide to set up chrooted ssh:
http://www.howtoforge.com/chroot_ssh_sftp_fedora7

I tried manual and script methods. I was never able to get it to work. I never touched my 'perforce' user, but now I am unable to connect to my perforce server running on the same machine.

"WSAEHOSTUNREACH"

I have no idea where to start. The p4d is running and I can ssh into the box.

v2k 31st December 2008 09:51

My bad, turning off iptables gets around this. I know I didn't touch iptables at all, but I don't see how this could be related to the ssh stuff I was playing with.

v2k 31st December 2008 09:56

These iptables look totally foreign to me aside from opening port 22 and 80. Have I been hacked? Or is this normal... 224.0.0.251 means nothing to me.

Code:

]$ sudo cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


falko 1st January 2009 10:54

Quote:

Originally Posted by v2k (Post 162216)
Or is this normal... 224.0.0.251 means nothing to me.

It's used for multicast DNS: http://www.usenet-forums.com/linux-n...rt-5353-a.html
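
Added example, not part of any post in this thread: a first-match walk over the INPUT chain posted above, showing that a new connection to any port other than 22 or 80 falls through to the final REJECT and gets an ICMP host-prohibited error back, which is consistent with the WSAEHOSTUNREACH in the first post and with the connection working once iptables is off. Assumptions: port 1666 (p4d's default; the thread does not say which port was used), interface name eth0, and the placeholder destination address 192.0.2.10.

```python
# Added example: first-match evaluation of the INPUT chain posted in this thread.
# Handles only the options that appear in that ruleset (all are flag/value pairs).
RULESET = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def parse(ruleset):
    """Return one {flag: value} dict per '-A' line; repeated '-m' is ignored."""
    rules = []
    for line in ruleset.splitlines():
        tok = line.split()
        if tok[:1] == ["-A"]:
            rules.append(dict(zip(tok[0::2], tok[1::2])))
    return rules

def verdict(rules, proto, dport, dst="192.0.2.10", iface="eth0", state="NEW"):
    """Walk INPUT top to bottom; the first rule whose matches all hold decides."""
    packet = {"-p": proto, "--dport": str(dport), "-d": dst, "-i": iface}
    for r in rules:
        if r["-A"] != "INPUT":
            continue
        if "--state" in r and state not in r["--state"].split(","):
            continue
        if any(k in r and r[k] != v for k, v in packet.items()):
            continue
        return r["-j"], r.get("--reject-with")
    return "ACCEPT", None  # chain policy in the posted file (:INPUT ACCEPT)

if __name__ == "__main__":
    rules = parse(RULESET)
    # 1666 is p4d's default port (assumption; not stated in the thread).
    for proto, port in [("tcp", 22), ("tcp", 80), ("tcp", 1666), ("udp", 5353)]:
        print(proto, port, verdict(rules, proto, port))
```

The `:INPUT ACCEPT` policy never applies here because the last rule matches every packet, so each service needs its own ACCEPT line above that REJECT.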


All times are GMT +2.