
Re: DNAT TCP 12345 -> 22

Márcio H. Parreiras wrote:
Try the rules below, simple and clean:

EXT_IF='eth1'    # the interface connected to the Internet
SERVER=' <>' # or any other IP allocated to the machine
SSH_SERVER='12345'    # or another port you want
SSH='22'              # port sshd listens on; assumed, this line is missing from the quoted message
IPTABLES='/sbin/iptables'    # assumed, not defined in the quoted message

$IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $SSH_SERVER -j DNAT --to $SERVER:$SSH
$IPTABLES -t filter -A FORWARD -i $EXT_IF -p tcp --dport $SSH -d $SERVER -j ACCEPT

note: server's sshd may listen on port 22 only.


I think your rules correspond to mine:

iptables -A FORWARD -i $EXTERNAL_INTERFACE -o $INTERNAL_INTERFACE -p tcp --sport $UNPRIVPORTS -d $SERVER --dport 22 -m state --state NEW -j ACCEPT

iptables -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -p tcp -d $SERVER --dport 12345 -j DNAT --to-destination $SERVER:22

The problem is that it opens the ports 22 and 12345 to the server.

|              FRÉDÉRIC MASSOT               |
|     http://www.juliana-multimedia.com      |
|   mailto:frederic@juliana-multimedia.com   |
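As an added example (not part of this thread, and not anyone's posted rules), the rule set below keeps the same DNAT but makes the FORWARD chain accept only connections that conntrack marks as DNATed from the public port, so a packet sent straight to the server's port 22 is not forwarded. The interface names, the server address 192.0.2.10, the ports and the function name ssh_dnat_rules are assumptions; `-m conntrack` is used instead of the older `-m state` because `--ctstate DNAT` and `--ctorigdstport` only exist there.

```shell
#!/bin/sh
# Added example, not from the original thread. Forward external port 12345 to
# SERVER:22 and accept in FORWARD only connections that were DNATed from that
# port, so a packet addressed directly to SERVER:22 is not forwarded.
# Assumed values (replace with your own): EXT_IF, INT_IF, SERVER, PUBLIC_PORT, SSH_PORT.
EXT_IF="${EXT_IF:-eth1}"            # interface facing the Internet
INT_IF="${INT_IF:-eth0}"            # interface facing the ssh server
SERVER="${SERVER:-192.0.2.10}"      # assumed internal address of the ssh server
PUBLIC_PORT="${PUBLIC_PORT:-12345}" # port exposed on the Internet
SSH_PORT="${SSH_PORT:-22}"          # sshd only listens on 22

# $1 is the command used for every rule: "iptables" applies them, "echo" prints them.
ssh_dnat_rules() {
    ipt="$1"

    # Default deny for forwarded traffic, so anything not matched below is dropped.
    "$ipt" -P FORWARD DROP

    # Rewrite the destination of packets arriving on EXT_IF:PUBLIC_PORT.
    "$ipt" -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$PUBLIC_PORT" \
        -j DNAT --to-destination "$SERVER:$SSH_PORT"

    # Accept the forwarded connection only if conntrack says it was DNATed and
    # its original destination port was PUBLIC_PORT. A direct connection to
    # SERVER:SSH_PORT is NEW but not DNAT, so it does not match and is dropped.
    "$ipt" -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$SERVER" --dport "$SSH_PORT" \
        -m conntrack --ctstate DNAT --ctorigdstport "$PUBLIC_PORT" -j ACCEPT

    # Replies from the server back to the client; the reverse NAT is automatic.
    "$ipt" -A FORWARD -i "$INT_IF" -o "$EXT_IF" -p tcp -s "$SERVER" --sport "$SSH_PORT" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

case "${1:-print}" in
    apply) ssh_dnat_rules iptables ;;   # needs root
    *)     ssh_dnat_rules echo ;;       # dry run: print the rules
esac
```

Run it without arguments to print the rules, with `apply` as root to load them, then compare the counters of `iptables -L FORWARD -n -v` while connecting once to port 12345 and once to port 22: only the first connection should hit the ACCEPT rule. If the server is the gateway itself rather than a machine behind it, the accept belongs in INPUT instead of FORWARD, with the same conntrack match.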
