[CentOS] Firewall frustration

Thu Jan 3 05:37:56 UTC 2008
Christopher Chan <christopher at ias.com.hk>

> I tried it. I had everything open. Then I blocked everything. Then I set 
> up a rule to allow SSH in to eth0 and out eth1 (and the other way). At 
> least I thought that was what the rules said, but no SSH connectivity 
> through the firewall. That was when I realized that I had not found the 
> necessary incantation, and I had already shot most of Tuesday.
> 

Too bad you missed the documentation on netfilter then. It would have 
told you that the INPUT chain controls what comes to the box, the OUTPUT 
chain what originates from the box and the FORWARD chain what goes 
through the box.

You would have needed a rule in FORWARD to allow ssh connections through 
the box. The rules in the INPUT and OUTPUT chains would have zero effect 
on connections going through.

Anyways, you have something now but in case you want to give iptables 
another go...
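As an added example, not part of the original thread or anyone's posted configuration, here is a small POSIX shell script that makes the INPUT/OUTPUT/FORWARD distinction concrete and emits the kind of ruleset the poster needed: SSH allowed through the box in both directions between two interfaces. The interface names eth0 and eth1, the DROP default policies, and the use of the state match for reply traffic are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread: which netfilter filter chain a
# packet traverses, and a minimal iptables-restore ruleset that lets SSH pass
# THROUGH a two-interface box. Interface names eth0/eth1 are assumptions.

# chain_for SRC_LOCAL DST_LOCAL -> name(s) of the filter chain(s) traversed.
# SRC_LOCAL is "yes" when the packet originates on the box, DST_LOCAL is "yes"
# when it is addressed to the box. Traffic routed through the box is neither,
# so it hits only FORWARD; rules in INPUT and OUTPUT never see it.
chain_for() {
    src_local=$1
    dst_local=$2
    if [ "$src_local" = yes ] && [ "$dst_local" = yes ]; then
        echo "OUTPUT INPUT"     # a local process talking to the box itself (loopback)
    elif [ "$src_local" = yes ]; then
        echo OUTPUT
    elif [ "$dst_local" = yes ]; then
        echo INPUT
    else
        echo FORWARD
    fi
}

# Emit a filter-table ruleset in iptables-restore(8) format. Policy is DROP on
# INPUT and FORWARD; SSH is allowed to the box itself and, in FORWARD, in both
# directions between eth0 and eth1. The ESTABLISHED,RELATED rules let the reply
# half of each connection back through without a second per-port rule.
ssh_forward_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Demo: classify the poster's case (SSH from a host on eth0 to a host behind
# eth1, so neither endpoint is the firewall) and print the ruleset.
# Loading it needs root:  ssh_forward_ruleset | iptables-restore
printf 'ssh through the box traverses: %s\n' "$(chain_for no no)"
printf 'ssh to the box itself traverses: %s\n' "$(chain_for no yes)"
ssh_forward_ruleset
```

Two checks worth doing after loading such a ruleset: the kernel must actually be routing (`sysctl -w net.ipv4.ip_forward=1`, or `net.ipv4.ip_forward = 1` in /etc/sysctl.conf), because with forwarding off no packet reaches the FORWARD chain no matter what it says; and `iptables -L FORWARD -v -n` shows per-rule packet counters, so an SSH attempt through the box should move the counter on the matching FORWARD rule rather than on anything in INPUT.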