I am trying to set up port knocking on my server to enhance security. I've configured my firewall rules to use port knocking, where I have to connect to specific ports in a specific sequence before being allowed to connect to SSH.
Here are the relevant portions of my firewall rules:
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:1001 recent: SET name: RECENT side: source mask: 255.255.255.255
DROP tcp -- anywhere anywhere tcp dpt:2002 recent: CHECK seconds: 60 name: RECENT side: source mask: 255.255.255.255
SSH tcp -- anywhere anywhere tcp dpt:ssh recent: CHECK seconds: 60 name: RECENT side: source mask: 255.255.255.255
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain SSH (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
However, I am unable to connect to my server even after successfully performing the port knocking sequence.
I've tried the following steps:
- Sent TCP packets to port 1001 followed by port 2002.
- Waited for a few moments.
- Attempted to connect to SSH port (usually 22).
# Port Knocking
nc -zv server_ip 1001
# Wait a few seconds
nc -zv server_ip 2002
# SSH Connection
ssh user@server_ip
Despite these steps, I'm unable to establish an SSH connection.
What could be causing this issue? Are there any additional configurations or troubleshooting steps I should consider?
Thank you for your assistance!
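As an added illustration (not part of the question or of any posted answer), here is a small Python model of the iptables `recent` match, assumed to approximate `--set` and `--rcheck --seconds` semantics; it replays knock sequences against the three knock rules shown above and against a two-list variant, so the reader can trace which sequences admit port 22. The source address, list names and timings are constructed for the example.

```python
"""Constructed model of the iptables `recent` match (--set, --rcheck --seconds),
used only to trace which knock sequences reach port 22.  Not iptables itself:
the posted INPUT chain also carries an unconditional ACCEPT rule, omitted here."""
from dataclasses import dataclass, field

@dataclass
class Rule:
    dport: int
    target: str      # "ACCEPT" or "DROP"
    recent: tuple    # ops such as ("SET", "KNOCK1") or ("CHECK", "KNOCK1", 60)

@dataclass
class Firewall:
    rules: list
    lists: dict = field(default_factory=dict)   # list name -> {src: last seen}

    def packet(self, src, dport, t):
        """Verdict for one TCP SYN from src to dport at time t (policy DROP)."""
        for r in self.rules:
            if r.dport != dport:
                continue
            matched = True
            for op in r.recent:
                entries = self.lists.setdefault(op[1], {})
                if op[0] == "SET":                 # --set: add/refresh, matches
                    entries[src] = t
                elif op[0] == "CHECK":             # --rcheck --seconds N
                    seen = entries.get(src)
                    matched = seen is not None and t - seen <= op[2]
                if not matched:
                    break          # iptables stops at the first failing match
            if matched:
                return r.target
        return "DROP"

def verdict(rules, knocks, ssh_at):
    """Replay (dport, time) knocks from one constructed source, then try port 22."""
    fw = Firewall(rules)
    for dport, t in knocks:
        fw.packet("203.0.113.7", dport, t)        # RFC 5737 documentation address
    return fw.packet("203.0.113.7", 22, ssh_at)

# The three knock rules as posted: 2002 only CHECKs the list that 1001 SETs.
POSTED = [Rule(1001, "DROP", (("SET", "RECENT"),)),
          Rule(2002, "DROP", (("CHECK", "RECENT", 60),)),
          Rule(22, "ACCEPT", (("CHECK", "RECENT", 60),))]
# Two-list variant (assumed, not the poster's): 2002 must follow 1001 before 22 opens.
TWO_STAGE = [Rule(1001, "DROP", (("SET", "KNOCK1"),)),
             Rule(2002, "DROP", (("CHECK", "KNOCK1", 60), ("SET", "KNOCK2"))),
             Rule(22, "ACCEPT", (("CHECK", "KNOCK2", 60),))]
```

Replaying `[(1001, 0), (2002, 5)]` and `[(1001, 0)]` against `POSTED` both return `ACCEPT`, while only the full ordered sequence does so against `TWO_STAGE`, and a knock older than 60 seconds is dropped by either.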
knockd: packages.ubuntu.com/…