
Re: DNAT TCP 12345 -> 22



On 2008-03-21 Frédéric Massot wrote:
> Ansgar -59cobalt- Wiechers wrote:
>> On 2008-03-20 Frédéric Massot wrote:
>>> How can I ensure that access will be possible only on port 12345/TCP
>>> and not on port 22/TCP?
>> 
>> Have your sshd listen on both ports, and allow only 12345/tcp inbound
>> on your external firewall.
> 
> Yes it is a solution that works, but I would like to find a solution
> with the firewall.

Why? Using NAT (or rather PAT) for this will not gain you any security.
You may even lose security, because NAT requires additional code on your
firewall that may contain additional (exploitable) holes. Keep it
simple.

Regards
Ansgar
-- 
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html
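
One way to lay out the setup suggested above, as an added example that is not part of the original message. It assumes sshd runs on the filtering host itself, that eth0 is the external and eth1 the internal interface (both names hypothetical), and that port 22 should stay reachable from the internal side; the rules are in iptables-restore syntax.

```conf
# sshd_config on the SSH host (sshd accepts repeated Port directives):
#   Port 22
#   Port 12345

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# External side (eth0, assumed): only the alternate port is reachable.
# No nat table rule is needed, because sshd itself listens on 12345.
-A INPUT -i eth0 -p tcp --dport 12345 -m conntrack --ctstate NEW -j ACCEPT
# Internal side (eth1, assumed): port 22 stays available on the LAN.
-A INPUT -i eth1 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT

# For contrast, the port-translation variant asked about needs an extra
# rule in the nat table:
#   *nat
#   -A PREROUTING -i eth0 -p tcp --dport 12345 -j REDIRECT --to-ports 22
#   COMMIT
# The filter table then sees the already translated port 22, so a plain
# "-i eth0 -p tcp --dport 22 -j ACCEPT" would also admit direct connections
# to 22, which is the case the original question wants to exclude.
```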

