Help opening port 443 on the SSH server

13. Re: Help opening port 443 on the SSH server

Profile removed
removed

(uses None)

Posted on 14/05/2016 - 21:23h

There is the iptables-config with this:

# Load additional iptables modules (nat helpers)
# Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES=""

# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule and chain counter.
# Value: yes|no, default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"

# Numeric status output
# Value: yes|no, default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"

# Verbose status output
# Value: yes|no, default: yes
# Print info about the number of packets and bytes plus the "input-" and
# "outputdevice" in the status output.
IPTABLES_STATUS_VERBOSE="no"

# Status output with numbered lines
# Value: yes|no, default: yes
# Print a counter/number for every rule in the status output.
IPTABLES_STATUS_LINENUMBERS="yes"

# Reload sysctl settings on start and restart
# Default: -none-
# Space separated list of sysctl items which are to be reloaded on start.
# List items will be matched by fgrep.
#IPTABLES_SYSCTL_LOAD_LIST=".nf_conntrack .bridge-nf"



maresiapunk wrote:

After the commands it created the file; it has this in it:

-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT



brunnometal wrote:

Do you have the file /etc/sysconf/iptables?

Post it here.






Signed by brunnometal:
------------------------------------------------------------
- User: Bruno Lima
- Born: 25/04/1983
- Location: Recife/PE
- Main distro: Arch Linux (KDE)
- Experimental distro: None







  


14. Re: Help opening port 443 on the SSH server

Bruno Lima
Smolkyn

(uses openSUSE)

Posted on 14/05/2016 - 21:25h

I'm not an iptables expert, but try this:

iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT

service iptables save
service iptables restart


and try again






Signed by brunnometal:
------------------------------------------------------------
- User: Bruno Lima
- Born: 25/04/1983
- Location: Recife/PE
- Main distro: Arch Linux (KDE)
- Experimental distro: None



15. Re: Help opening port 443 on the SSH server

Profile removed
removed

(uses None)

Posted on 14/05/2016 - 21:30h

It saved, but the port is still closed according to the telnet test:

===========
[root@nt1 ~]# iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
[root@nt1 ~]# iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
[root@nt1 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@nt1 ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: nat filter mangl[ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@nt1 ~]# nmap 167.88.123.97 -p 443

Starting Nmap 5.51 ( http://nmap.org ) at 2016-05-14 20:31 EDT
Nmap scan report for nt1.t100free.com.br (167.88.123.97)
Host is up (0.000058s latency).
PORT STATE SERVICE
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
[root@nt1 ~]#




16. Re: Help opening port 443 on the SSH server

Profile removed
removed

(uses None)

Posted on 14/05/2016 - 21:42h

My ipconfig looks like this now:

# Generated by iptables-save v1.4.7 on Sat May 14 20:31:14 2016
*nat
:PREROUTING ACCEPT [6:318]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Sat May 14 20:31:14 2016
# Generated by iptables-save v1.4.7 on Sat May 14 20:31:14 2016
*filter
:INPUT ACCEPT [4:336]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:504]
-A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
# Completed on Sat May 14 20:31:14 2016
# Generated by iptables-save v1.4.7 on Sat May 14 20:31:14 2016
*mangle
:PREROUTING ACCEPT [118:10718]
:INPUT ACCEPT [118:10718]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [88:12694]
:POSTROUTING ACCEPT [88:12694]
COMMIT
# Completed on Sat May 14 20:31:14 2016


maresiapunk wrote:

It saved, but the port is still closed according to the telnet test:

===========
[root@nt1 ~]# iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
[root@nt1 ~]# iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
[root@nt1 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@nt1 ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: nat filter mangl[ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@nt1 ~]# nmap 167.88.123.97 -p 443

Starting Nmap 5.51 ( http://nmap.org ) at 2016-05-14 20:31 EDT
Nmap scan report for nt1.t100free.com.br (167.88.123.97)
Host is up (0.000058s latency).
PORT STATE SERVICE
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
[root@nt1 ~]#






17. Re: Help opening port 443 on the SSH server

Profile removed
removed

(uses None)

Posted on 15/07/2016 - 14:21h

iptables -A INPUT -p TCP --dport 443 -j ACCEPT
iptables -A FORWARD -p TCP --dport 443 -j ACCEPT

Check the policy of the tables and whether there is a rule blocking that port.


18. Re: Help opening port 443 on the SSH server

Profile removed
removed

(uses None)

Posted on 15/07/2016 - 14:24h

maresiapunk wrote:

Hello,

The machine is a CentOS; I would like to know how to open port 443 for SSH.



Why not use a less well-known port to avoid serious problems?


19. Re: Help opening port 443 on the SSH server

Profile removed
removed

(uses None)

Posted on 18/07/2016 - 13:02h

Man, do you want to open port 443 or move your SSH to port 443? Because from what everyone can see, you can access your server and there are no rules in the INPUT table that deny access to SSH; if it is about changing the port, this will be easy to solve.
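
The check suggested in message 17 (look at the chain policy and for a rule blocking the port), as an added example that is not part of the original thread: a shell function that reads an iptables-save dump and reports how the filter INPUT chain treats new TCP connections to a port. It goes slightly beyond the thread by also covering a rule appended after a catch-all REJECT. Assumptions: the function name, the verdict strings and APPENDED_DUMP are invented here; only --dport matches and rules without match options are evaluated, and jumps to user chains such as RH-Firewall-1-INPUT are not followed.

```shell
#!/bin/sh
# The *filter section of the dump posted in message 16 of this thread.
PAGE_DUMP='*filter
:INPUT ACCEPT [4:336]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:504]
-A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

# Constructed sample: a rule appended (-A) after a catch-all REJECT.
APPENDED_DUMP='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

# audit_inbound_port PORT  (hypothetical helper; dump is read from stdin)
# Walks filter/INPUT in order: the first terminal rule that matches
# --dport PORT, or that has no match options at all, decides; otherwise
# the chain policy does. Rules matching only --sport PORT are counted.
audit_inbound_port() {
  awk -v port="$1" '
    /^\*/ { table = substr($1, 2); next }
    table != "filter" { next }
    $1 == ":INPUT" { policy = $2; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      target = ""; dport = 0; sport = 0
      for (i = 3; i < NF; i++) {
        if ($i == "-j") target = $(i + 1)
        if ($i == "--dport" && $(i + 1) == port) dport = 1
        if ($i == "--sport" && $(i + 1) == port) sport = 1
      }
      if (sport && !dport) sport_only++
      terminal = (target == "ACCEPT" || target == "DROP" || target == "REJECT")
      if (verdict == "" && terminal && (dport || $3 == "-j"))
        verdict = (target == "ACCEPT" ? "accept" : "block") "-by-rule"
    }
    END {
      if (verdict == "") verdict = (policy == "ACCEPT" ? "accept" : "block") "-by-policy"
      printf "verdict=%s sport_only_rules=%d\n", verdict, sport_only
    }'
}

printf '%s\n' "$PAGE_DUMP" | audit_inbound_port 443
printf '%s\n' "$APPENDED_DUMP" | audit_inbound_port 443
```

For the dump from message 16 the result is accept-by-policy with one --sport-only rule, so the saved INPUT rules do not block 443; whether anything is listening on the port is a separate check.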


