Christopher Chan wrote:
>
>> I tried it. I had everything open. Then I blocked everything. Then I
>> set up a rule to allow SSH in to eth0 and out eth1 (and the other
>> way). At least I thought that was what the rules said, but no SSH
>> connectivity through the firewall. That was when I realized that I
>> had not found the necessary incantation, and I had already shot most
>> of Tuesday.
>>
>
> Too bad you missed the documentation on netfilter then.

And that is the crux of the problem. Finding the right documentation....
And to look at documentation on netfilter besides iptables.

> It would have told you that the INPUT chain controls what comes to the
> box, the OUTPUT chain what originates from the box and the FORWARD
> chain what goes through the box.
>
> You would have needed a rule in FORWARD to allow ssh connections
> through the box. The rules in the INPUT and OUTPUT chains would have
> zero effect on connections going through.
>
> Anyways, you have something now but in case you want to give iptables
> another go...
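The chain split described in the reply above, as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset in which SSH through the box is allowed in FORWARD, while INPUT only covers traffic addressed to the firewall itself. The function name is hypothetical, the eth0/eth1 names come from the thread, and the stateful conntrack matching and default-drop policies are assumptions about the intended policy.

```shell
#!/bin/sh
# Added example: prints a ruleset on stdout; it never touches the running
# firewall. Interface names default to the eth0/eth1 used in the thread.
forward_ssh_ruleset() {
    in_if=${1:-eth0}
    out_if=${2:-eth1}

    # Refuse names that could smuggle extra text into the generated rules.
    for ifname in "$in_if" "$out_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*)
                echo "bad interface name: $ifname" >&2
                return 1 ;;
        esac
    done

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT sees only packets addressed to the firewall itself. Nothing here
# affects SSH sessions that are routed through the box.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# FORWARD sees packets routed through the box. Replies belonging to an
# accepted connection are matched by state, in either direction.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New SSH connections through the box, each way between the two interfaces.
-A FORWARD -i $in_if -o $out_if -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $out_if -o $in_if -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

Piping the output to `iptables-restore` as root replaces the whole filter table, and with these policies the firewall itself accepts no new inbound connections, so load it from a console session. Routing between the interfaces also requires `net.ipv4.ip_forward=1`.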