I'm currently trying to connect to my Linux Mint guest via SSH on my Windows 10 host. Better said, I'm trying to connect to the guest successfully with particular firewall rules in mind.
Using VirtualBox, I've enabled a host-only adapter for the Linux Mint virtual machine.
When allowing any and all traffic through port 22 via the firewall with that particular allow all rule, I'm able to successfully connect to the guest machine using SSH from my Windows host.
However, I want the Linux guest to only accept my IP for SSH. In other words, I want it to only accept my IP for port 22 (if that makes any sense).
I configured the Linux firewall with these rules and could not thereafter successfully connect:
GUEST IP 22/tcp ALLOW IN HOST IP 22/tcp
HOST IP 22/tcp ALLOW OUT GUEST IP 22/tcp
Note: The terms 'GUEST IP' and 'HOST IP' are simple placeholders for the associated IP address given the context. In this case, GUEST IP is the host-only adapter's IP address from the eth1 interface. Needless to say, the HOST IP represents the host IP address found on my Windows 10 host.
I've done what I can to make it so that it'd work, but I honestly don't know how to get what I'm asking for at this point.
My current setup:
I would like to let it be known that my experience with Linux/Unix-based systems is very limited, as it is with using shells, SSH, and configuring firewalls.
I literally just installed the mentioned SSH software a day ago.
TL;DR: I want to make it so that my Linux guest is configured to only accept SSH traffic from my host computer. I'm assuming this is done via IP but I'm not sure how to do it. After adding the above firewall rules to the Linux guest, connecting no longer became successful and every attempt would time out.
Additional Info: I have seen folks around this neck of the woods mentioning port forwarding; I tried it, didn't work. Seeing as how I was able to get it to work with the host-only adapter, I figured it'd be fine without that solution.
As an aside, is it possible at all to connect to my Windows host via my Linux guest using SSH? I tried doing it from my Linux terminal, but it kept saying I didn't have permission to do so.
If you need clarification or additional information, please feel free to ask.
Thanks in advance!
— T.R.G.
TCP connections have two ports, source and destination. For outgoing SSH connections, the destination port is 22, but the source port is chosen randomly. (Only very few protocols, e.g. BGP, use identical source & destination ports.)
Therefore you would need to relax the rules to:
allow incoming from hostIP (any)/tcp to guestIP 22/tcp
allow outgoing from guestIP 22/tcp to hostIP (any)/tcp
If you're concerned about the guest connecting back to the host, you can remove the second rule as long as you're using a stateful firewall (which would allow outgoing packets belonging to an existing connection).
In iptables, a working ruleset would look like:
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT
# (Well, *I think* this should work.)
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j REJECT
(Included "allow ICMP" because honestly)
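The source-port point made in the answer above, modelled as a small default-deny filter. This is an added example, not part of the original question or answer; the addresses and the ephemeral port 50514 are constructed sample values, and the matcher is a simplified model rather than ufw or iptables itself.

```python
# Added example: simplified first-match packet filter (a model, not ufw/iptables).
from collections import namedtuple

# Rule and Packet share field order; None in a rule means "any".
Packet = namedtuple("Packet", "direction src sport dst dport")
Rule = namedtuple("Rule", "direction src sport dst dport")

HOST, GUEST, OTHER = "192.168.56.1", "192.168.56.101", "192.168.56.50"  # constructed
EPHEMERAL = 50514  # constructed: source port the SSH client's OS happened to pick

# The question's rules: source AND destination port pinned to 22.
ASKER_RULES = [Rule("in", HOST, 22, GUEST, 22), Rule("out", GUEST, 22, HOST, 22)]
# The answer's relaxed rules: the host-side port is left open ("any").
RELAXED_RULES = [Rule("in", HOST, None, GUEST, 22), Rule("out", GUEST, 22, HOST, None)]
# Stateful variant: only the inbound rule; replies ride on connection tracking.
STATEFUL_RULES = [Rule("in", HOST, None, GUEST, 22)]

# Constructed traffic as seen by the guest's firewall.
TRAFFIC = [
    Packet("in", HOST, EPHEMERAL, GUEST, 22),    # host opens SSH to guest
    Packet("out", GUEST, 22, HOST, EPHEMERAL),   # guest's sshd replies
    Packet("in", OTHER, 40000, GUEST, 22),       # some other machine tries SSH
    Packet("out", GUEST, 40001, HOST, 22),       # guest tries to SSH to the host
]

def matches(rule, pkt):
    """True when every non-None rule field equals the packet's field."""
    return all(r is None or r == p for r, p in zip(rule, pkt))

def verdicts(rules, packets, stateful=False):
    """Default-deny filter: accept on any rule match, or, when stateful,
    when the packet is the reverse of a flow that was already accepted."""
    accepted_flows, out = set(), []
    for pkt in packets:
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        ok = any(matches(r, pkt) for r in rules) or (stateful and reverse in accepted_flows)
        if ok:
            accepted_flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        out.append(ok)
    return out

if __name__ == "__main__":
    for name, rules, st in [("asker", ASKER_RULES, False),
                            ("relaxed", RELAXED_RULES, False),
                            ("stateful", STATEFUL_RULES, True)]:
        print(name, verdicts(rules, TRAFFIC, stateful=st))
```

Each list holds one verdict per packet in `TRAFFIC`, in order, so the three rule sets can be compared packet by packet.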