[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DNAT TCP 12345 -> 22

On 2008-03-21 Frédéric Massot wrote:
> Ansgar -59cobalt- Wiechers wrote:
>> On 2008-03-20 Frédéric Massot wrote:
>>> How I can ensure that access will possible only on port 12345/TCP
>>> and not on port 22/TCP ?
>> Have your sshd listen on both ports, and allow only 12345/tcp inbound
>> on your external firewall.
> Yes it is a solution that works, but I would like to find a solution
> with the firewall.

Why? Using NAT (or rather PAT) for this will not gain you any security.
You may even lose security, because NAT requires additional code on your
firewall, that may contain additional (exploitable) holes. Keep it

"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."

Reply to: