
Re: DNAT TCP 12345 -> 22

Stephen Benoit (Linux) wrote:
Hello, Frédéric.

To block (reject) a TCP port $SERVICE (22 in this case) on the external
interface, try a rule like:

# iptables -I INPUT 1 -j REJECT -p tcp -s 0/0 -i $EXTERNAL_INTERFACE --dport $SERVICE

With your earlier rules in place, tcp port 22 on the internal interface
and tcp port 12345 on the external interface should both still work.


The server that I want to access through SSH is different from the firewall: the server is in the DMZ and has one network interface (chains INPUT or OUTPUT), while the firewall has two network interfaces (chain FORWARD). The INPUT chain on the firewall is not involved in the decision.

|              FRÉDÉRIC MASSOT               |
|     http://www.juliana-multimedia.com      |
|   mailto:frederic@juliana-multimedia.com   |
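
The point made in the reply above, as an added example that is not part of either message: on the firewall the filtering has to happen in FORWARD, where the packet already carries the rewritten port 22, so the rule matches on the port the client originally dialled using the conntrack match. The interface name and DMZ address are constructed values, and `forward_rules` is a hypothetical helper that only prints the commands.

```shell
#!/bin/sh
# Added example. Interface name and DMZ address are constructed values.
EXT_IF="${EXT_IF:-eth0}"             # assumed external interface
DMZ_HOST="${DMZ_HOST:-192.0.2.10}"   # assumed DMZ server (documentation range)
EXT_PORT="${EXT_PORT:-12345}"        # port offered to the outside
SERVICE="${SERVICE:-22}"             # SSH port on the DMZ server

# Print the commands instead of running them, so the set can be reviewed first.
forward_rules() {
    # nat/PREROUTING: rewrite external tcp/$EXT_PORT to the DMZ server's tcp/$SERVICE.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $EXT_PORT -j DNAT --to-destination $DMZ_HOST:$SERVICE"
    # Packets belonging to connections that were already accepted.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # FORWARD sees the rewritten port ($SERVICE), so match on the port the
    # client originally dialled, which conntrack keeps for the connection.
    echo "iptables -A FORWARD -i $EXT_IF -p tcp -d $DMZ_HOST --dport $SERVICE -m conntrack --ctstate DNAT --ctorigdstport $EXT_PORT -j ACCEPT"
    # Anything else from outside aimed at tcp/$SERVICE (not via $EXT_PORT) is rejected.
    echo "iptables -A FORWARD -i $EXT_IF -p tcp --dport $SERVICE -j REJECT --reject-with tcp-reset"
}
```

Run `forward_rules` to review the four commands; rules for the internal interface are outside this example and depend on the rest of the FORWARD chain.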
