Re: DNAT TCP 12345 -> 22

To: debian-firewall@lists.debian.org
Subject: Re: DNAT TCP 12345 -> 22
From: Frédéric Massot <frederic@juliana-multimedia.com>
Date: Fri, 21 Mar 2008 12:28:06 +0100
Message-id: <47E39BC6.4040407@juliana-multimedia.com>
In-reply-to: <59348.192.168.1.15.1206046289.squirrel@www1.magnumline.com>
References: <47E2B09E.1070708@juliana-multimedia.com> <59348.192.168.1.15.1206046289.squirrel@www1.magnumline.com>

Stephen Benoit (Linux) wrote:

Hello, Frédéric.

To block (reject) a TCP port $SERVICE (22 in this case) on the external
interface, try a rule like:

# iptables -I INPUT 1 -j REJECT -p tcp -s 0/0 -i $EXTERNAL_INTERFACE
--dport $SERVICE

With your earlier rules in place, tcp port 22 on the internal interface
and tcp port 12345 on the external interface should both still work.

Hi,

The server that I want access through SSH is different from thefirewall, the server is in the DMZ and has one network interface (chainsINPUT or OUTPUT), the firewall with two network interfaces (chainFORWARD). The INPUT chain on the firewall is not involved in the decision.



Regards.
--
==============================================
|              FRÉDÉRIC MASSOT               |
|     http://www.juliana-multimedia.com      |
|   mailto:frederic@juliana-multimedia.com   |
===========================Debian=GNU/Linux===

Reply to:

Follow-Ups:
- Re: DNAT TCP 12345 -> 22
  - From: "Chris Henry" <chrishenry.ni@gmail.com>

References:
- DNAT TCP 12345 -> 22
  - From: Frédéric Massot <frederic@juliana-multimedia.com>
- Re: DNAT TCP 12345 -> 22
  - From: "Stephen Benoit (Linux)" <linux@magnumline.com>

Prev by Date: Re: DNAT TCP 12345 -> 22
Next by Date: Re: DNAT TCP 12345 -> 22
Previous by thread: Re: DNAT TCP 12345 -> 22
Next by thread: Re: DNAT TCP 12345 -> 22
Index(es):
- Date
- Thread