ssh rules in iptables with 2 interfaces?

[cg]

Hi all,

So, I'm trying to set up SSH so that it will only take incoming connections on one of two interfaces.  I'm on a network running DHCP, so I can't do a "sshd -o I.P.a.ddress", since I can't guarantee that a given interface will always have the same IP.  I got some help on Reddit creating a script that steals the current IP from ifconfig, but I can't figure out how to load it into sshd_config (apparently "cat [script] > sshd_config"  doesn't work how I thought it did).

I did some reading online and found a lot of articles explaining how to set up iptables to allow an SSH connection (iptables -A INPUT -i eth1 -p tcp -m tcp --dport 22 -j DROP), and figured "well, since I want to disallow SSH on eth1 and allow it on eth0, this should work fine!"  I entered the command, added /usr/local/sbin/basic-firewall to /opt/bootlocal.sh, and restarted.  I then tried to SSH into both interfaces; neither one worked.

"Okay," I said, "What if I add a rule that allows SSH on eth0?"  So, I did 'iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -k ACCEPT', restarted, tried to SSH into both interfaces, and got into both.  Argh.

Am I doing something entirely wrong?  Is this even a Thing That Can Be Done?

Thanks!

[hiro]

if you have the ip in $IP issue something like this to change the sshd_config:

echo ",s/^ListenAddress.*/ListenAddress $IP/
w" | sudo ed /usr/local/etc/ssh/sshd_config

Afterwards you also have to restart openssh - there's an function for that in the init.d script.

[Rich]

Hi cg

(apparently "cat [script] > sshd_config"  doesn't work how I thought it did).

I take it this script prints the IP to the screen when run, so you would then want:

Code: [Select]

script > sshd_configMake sure the script is executable first:

Code: [Select]

chmod 755 scriptThe following link was recommended by danielibarnes in another thread:
http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html

[cg]

Hi cg

(apparently "cat [script] > sshd_config"  doesn't work how I thought it did).

I take it this script prints the IP to the screen when run,

I tested it with a pair of junk files, and with those, it added the contents of the first to the second.

so you would then want:
[code) script > sshd_config
Make sure the script is executable first:
[code) chmod 755 script

...oh.   Yeah, I'll just be over here, facepalming myself into oblivion. >_>

[hiro]

Perhaps you should read "The Unix programming environment".

Basic bourne shell syntax and how to concatenate files should be some basic knowledge if you want to fiddle around with (l)unix systems such as tinycore.

[Rich]

Hi cg
If you need some help for the basics, this might be worth checking out:
http://forum.tinycorelinux.net/index.php/topic,12086.msg64478.html#msg64478

[cg]

Hi cg
If you need some help for the basics, this might be worth checking out:
http://forum.tinycorelinux.net/index.php/topic,12086.msg64478.html#msg64478

Duly noted - thanks!

[hiro]

Hi cg
If you need some help for the basics, this might be worth checking out:
http://forum.tinycorelinux.net/index.php/topic,12086.msg64478.html#msg64478

Sorry, but I don't think these come anywhere near what the books from K&R can deliver. Rather go for that book I mentioned earlier if you want to understand essential concepts and philosophies behind UNIX, instead of modern (soon to be deprecated) non-working reimplementations.
The book is really easy and fast to read.