IPFW settings to allow a trusted client to connect to a Mac (e.g., via SSH)

I have the following ipfw settings on my Mac OS X 10.4 Tiger:

    00100 allow ip from any to 123.123.123.123
    00110 allow tcp from any to 123.123.123.123
    00120 allow udp from any to 123.123.123.123
    00130 allow ip from 123.123.123.123 to any
    00140 allow tcp from 123.123.123.123 to any
    00150 allow udp from 123.123.123.123 to any
    65534 deny ip from any to any
    65535 allow ip from any to any

I am trying to ssh to the Mac from a Linux machine whose IP address is 123.123.123.123, and sshd is running on the Mac. However, the SSH client outputs the following:

    ssh [email protected] -v
    OpenSSH_5.5p1, OpenSSL 1.0.0d-fips 8 Feb 2011
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to mac.example.com [10.10.10.10] port 22.
    debug1: Connection established.
    debug1: identity file /home/me/.ssh/id_rsa type -1
    debug1: identity file /home/me/.ssh/id_rsa-cert type -1
    debug1: identity file /home/me/.ssh/id_dsa type -1
    debug1: identity file /home/me/.ssh/id_dsa-cert type -1
    ssh_exchange_identification: Connection closed by remote host

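What could cause the Mac to close the connection abruptly, before it even asks for a password?

I believe it is related to the IPFW settings, because ssh works when the only IPFW setting I have is 65535 allow ip from any to any. Do I need a rule for reverse DNS lookups, for example?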

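First, if you are already allowing all ip, there is no need to specify tcp and udp as well. Also, it is usually easier to start your ruleset by allowing all outbound connections with allow ip from me to any.

Try this ruleset and see what happens: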

    00100 allow ip from me to any
    00200 allow ip from 123.123.123.123 to me ssh
    01000 allow icmp from any to any
    01001 allow igmp from any to any
    65534 deny ip from any to any

An improved, stateful version:

    00060 check-state
    00100 allow ip from me to any keep-state
    00200 allow ip from 123.123.123.123 to me ssh setup keep-state
    01000 allow icmp from any to any
    01001 allow igmp from any to any
    65534 deny ip from any to any
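
The following is an added example, not code from the question or the answer: a simplified first-match model of ipfw, in Python, that runs the three rulesets above against an SSH handshake from 123.123.123.123 and a DNS lookup made by the Mac (the kind of lookup the question asks about). It assumes the ipfw keyword me resolves to 10.10.10.10 (the address in the ssh debug output); the resolver address, the ports and the packet list are constructed, and only the rule features used on this page are modelled.

```python
from collections import namedtuple

# Simplified model: first match wins; dynamic-rule lifetimes and TCP state are not modelled.
ME, TRUSTED = "10.10.10.10", "123.123.123.123"  # assumption: `me` is the address in the ssh output
RESOLVER = "192.0.2.53"                          # constructed DNS server address
Rule = namedtuple("Rule", "num action proto src dst dport setup keep",
                  defaults=["ip", "any", "any", None, False, False])
Pkt = namedtuple("Pkt", "proto src sport dst dport flags", defaults=[""])

TAIL = [Rule(1000, "allow", "icmp"), Rule(1001, "allow", "igmp"), Rule(65534, "deny")]
# The question's tcp/udp rules (110, 120, 140, 150) are subsets of 100 and 130, so they are omitted.
QUESTION = [Rule(100, "allow", dst=TRUSTED), Rule(130, "allow", src=TRUSTED), Rule(65534, "deny")]
STATELESS = [Rule(100, "allow", src="me"),
             Rule(200, "allow", src=TRUSTED, dst="me", dport=22)] + TAIL
STATEFUL = [Rule(60, "check-state"), Rule(100, "allow", src="me", keep=True),
            Rule(200, "allow", src=TRUSTED, dst="me", dport=22, setup=True, keep=True)] + TAIL

def addr_ok(spec, addr):
    return spec == "any" or spec == addr or (spec == "me" and addr == ME)

def matches(r, p):
    return (r.proto in ("ip", p.proto)
            and addr_ok(r.src, p.src) and addr_ok(r.dst, p.dst)
            and (r.dport is None or r.dport == p.dport)
            and (not r.setup or p.flags == "S"))  # setup: SYN set, ACK clear

def evaluate(rules, packets):
    """Return one verdict per packet; a dynamic rule matches both directions of a flow."""
    states, verdicts = {}, []
    for p in packets:
        key = (p.proto, frozenset({(p.src, p.sport), (p.dst, p.dport)}))
        for r in rules:
            if r.action == "check-state" and key in states:
                verdicts.append(f"allow state({states[key]})")
                break
            if r.action != "check-state" and matches(r, p):
                if r.keep:
                    states[key] = r.num  # keep-state installs a dynamic rule
                verdicts.append(f"{r.action} {r.num}")
                break
    return verdicts

# Constructed traffic: SSH SYN and SYN-ACK, then a DNS query from the Mac and its reply.
PACKETS = [Pkt("tcp", TRUSTED, 40000, ME, 22, "S"), Pkt("tcp", ME, 22, TRUSTED, 40000, "SA"),
           Pkt("udp", ME, 50000, RESOLVER, 53), Pkt("udp", RESOLVER, 53, ME, 50000)]

if __name__ == "__main__":
    for name, rules in (("question", QUESTION), ("stateless", STATELESS), ("stateful", STATEFUL)):
        print(name, evaluate(rules, PACKETS))
```

Under this model the question's ruleset drops the Mac's own DNS query, the stateless ruleset lets the query out but drops the reply at rule 65534, and the stateful ruleset admits the reply through the dynamic rule that keep-state created.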