[SOLVED] Help Me Configure My Firewall to Accept SSH...


Post by w201 »

Hey everyone,

I can't seem to ssh into my Mint machine from another Linux machine, unless I turn off my firewall.

With the firewall active, if I go to Administration > Firewall Configuration and add rules to allow ssh connections through port 22 from a LAN address to another LAN address, it still doesn't work. Any of you guys know how to set this up so I can ssh without having to turn off my firewall?

Thanks a bunch!
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.

Re: Help Me Configure My Firewall to Accept SSH Connections

Post by mint-me »

I assume you are using gufw/ufw.

Set the top drop-down, Incoming -> Allow
this will allow all incoming connections.

Allow ftp connection first, add rule from "Advanced" tab:
Allow > In > Both
From: IP [Client]
To: IP [Server] Port [22]

Then block all other incoming, add rules from "Simple" tab:
Deny > In > TCP 1:65535
Deny > In > UDP 1:65535

That should do it.
Debian 11 Bullseye Xfce: HP Notebook 15 BS143TU Intel® Core™ i5-8250U, 8GB DDR4 2400Mhz, Intel® UHD Graphics 620, 1366x768 15.6", 1 TB SATA
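Added example, not part of the original thread: a simplified first-match model of the rule set described in the post above. It shows why the allow rule has to be added before the blanket deny rules, and that for TCP/UDP ports 1-65535 the result is the same as setting Incoming to Deny and adding only the allow rule. The IP addresses and helper names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed LAN addresses (assumptions, not taken from the thread).
CLIENT, SERVER, OTHER = "192.168.1.10", "192.168.1.20", "192.168.1.99"

def rule(action, proto="any", src="0.0.0.0/0", dst="0.0.0.0/0", ports=(1, 65535)):
    """Build one firewall rule; proto "any" stands for gufw's "Both"."""
    return {"action": action, "proto": proto, "src": ip_network(src),
            "dst": ip_network(dst), "ports": ports}

def verdict(rules, default, proto, src, dst, port):
    """ufw checks user rules in order: the first match decides, else the default."""
    for r in rules:
        if (r["proto"] in ("any", proto)
                and ip_address(src) in r["src"]
                and ip_address(dst) in r["dst"]
                and r["ports"][0] <= port <= r["ports"][1]):
            return r["action"]
    return default

ALLOW_SSH = rule("allow", "any", CLIENT + "/32", SERVER + "/32", (22, 22))
DENY_TCP = rule("deny", "tcp")   # Deny > In > TCP 1:65535
DENY_UDP = rule("deny", "udp")   # Deny > In > UDP 1:65535

# Rule set as posted: Incoming set to Allow, allow rule first, then the denies.
AS_POSTED = ([ALLOW_SSH, DENY_TCP, DENY_UDP], "allow")
# Same rules with the denies added first: the allow rule is never reached.
DENY_FIRST = ([DENY_TCP, DENY_UDP, ALLOW_SSH], "allow")
# Alternative: Incoming set to Deny plus the single allow rule.
DEFAULT_DENY = ([ALLOW_SSH], "deny")

# Constructed test packets: (protocol, source, destination, destination port).
PACKETS = {
    "ssh from client": ("tcp", CLIENT, SERVER, 22),
    "ssh from other host": ("tcp", OTHER, SERVER, 22),
    "http from client": ("tcp", CLIENT, SERVER, 80),
    "dns from other host": ("udp", OTHER, SERVER, 53),
}

def evaluate(policy):
    """Return the verdict for every sample packet under one policy."""
    rules, default = policy
    return {name: verdict(rules, default, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, policy in (("as posted", AS_POSTED), ("deny first", DENY_FIRST),
                          ("default deny", DEFAULT_DENY)):
        print(label, evaluate(policy))
```
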
w201

Re: Help Me Configure My Firewall to Accept SSH Connections

Post by w201 »

mint-me wrote:I assume you are using gufw/ufw.

Set the top drop-down, Incoming -> Allow
this will allow all incoming connections.

Allow ftp connection first, add rule from "Advanced" tab:
Allow > In > Both
From: IP [Client]
To: IP [Server] Port [22]

Then block all other incoming, add rules from "Simple" tab:
Deny > In > TCP 1:65535
Deny > In > UDP 1:65535

That should do it.

That did it, mint-me. You're a rockstar :mrgreen:

Re: [SOLVED] Help Me Configure My Firewall to Accept SSH...

Post by mint-me »

Glad to be of help, w201.

The way you are doing it (SSH) is also my favorite, and most secure way to connect on the network.

Enjoy!
ronkz

Re: [SOLVED] Help Me Configure My Firewall to Accept SSH...

Post by ronkz »

@Mint-Me:
Your solutions here appear to be correct. BUT I made those settings and they don't work for me.
I'm running Cinnamon 16 until I can manage to install Mate 17 - another story. Have installed GUFW and UFW was already here.

My servers are ISP Frontier.com and Webserver Powweb.com;
I can receive/send on both servers using their webmail.
But on Thunderbird 24.6.0 neither server's smtp will Send.
On Powweb my new POP mail comes in fine, but I cannot reply/send.
On Frontier neither POP nor SMTP works.
Thunderbird was working okay until maybe a couple of months ago but then no longer did what is expected on send/receive.

The only other thing I can think of causing this problem would be the Anti-Virus app I installed about the same time when all these problems arose. It seems that messing with the firewall settings fixes nothing.

I'd appreciate any thoughts you may have.

Re: [SOLVED] Help Me Configure My Firewall to Accept SSH...

Post by mint-me »

Hi ronkz, this sounds like email problems which may (or may not) be caused by Firewall settings. Really should post this as a new thread.
Generally you will ALLOW OUT mostly everything, and DENY IN mostly everything with exceptions to allow incoming requests to a server - on your machine.

Do you use anything to monitor connections? That is essential if you want to "see" what's happening. Here is a handy program that can help, and is available in Mint repos.


It's called "hardinfo" and once installed, appears under
Menu > Administration > System Profiler and Benchmark

Install it from Software Manager, or open terminal and enter

sudo apt-get install hardinfo

The section I frequently use to monitor connections is
Network > IP Connections

A shortcut can be made that launches just the Network module, just insert this as Command:

hardinfo -m network.so

Now you can see all connections made, IP Addresses and Ports. For email there are various ports used, so monitor what's happening and craft your firewall rules accordingly.
ronkz

Re: [SOLVED] Help Me Configure My Firewall to Accept SSH...

Post by ronkz »

@mint-me
Well, yes, part of my post might be considered a diversion, for which I apologize, but all I was really doing was reporting that the solution didn't work for me, and 'fessing I did figure that the problems lie elsewhere.

As to HARDINFO, I installed and ran it, and it's amazing, but seeing all that information, understanding what it's all about, and being able to do something with it, is way beyond me! So I thank you for the info, but I'm unable to attack from this angle. I guess I'll have to try (and probably again fail) to get my ISP support at frontier.com to fix my headaches. Frankly, they say they don't support anything Linux, plus it's apparent few of them even know Thunderbird. So I'm hunting now for a better ISP, which under these circumstances is quite a task!

So I thank you for showing your savvy, and we can both just move on to other matters!

:oops: