DNAT TCP 12345 -> 22

by =?ISO-8859-15?Q?Fr=E9d=E9ric_Massot?= <frederic@[EMAIL PROTECTED] Mar 20, 2008 at 08:30 PM

Hi,

I have servers with public IP addresses in a DMZ behind a firewall.

The firewall has two network interface, one connected to the DMZ, the 
other to the ISP router.

 From local network, I can access the server via SSH on ****t 22/TCP.

I would like to access the server from the outside on another ****t like 
12345/TCP. I try to translate the SSH ****t on the firewall with a DNAT
rule.

I have these rules :

iptables -A FORWARD -i $EXTERNAL_INTERFACE -o $INTERNAL_INTERFACE -p tcp 
--s****t $UNPRIV****TS -d $SERVER --d****t 22 -m state --state NEW -j ACCEPT

iptables -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -p tcp -d $SERVER 
--d****t 12345 -j DNAT --to-destination $SERVER:22

With these rules I can access the server on ****ts 22/TCP and 12345/TCP.

How I can ensure that access will possible only on ****t 12345/TCP and 
not on ****t 22/TCP ?


Regards.
-- 
==============================================
|              FRÉDÉRIC MASSOT               |
|     http://www.juliana-multimedia.com
     |
|   mailto:frederic@[EMAIL PROTECTED]
   |
===========================Debian=GNU/Linux===


-- 
To UNSUBSCRIBE, email to debian-firewall-REQUEST@[EMAIL PROTECTED]
 a subject of "unsubscribe". Trouble? Contact
listmaster@[EMAIL PROTECTED]

13 Posts in Topic:

DNAT TCP 12345 -> 22

=?ISO-8859-15?Q?Fr=E9d=E9

2008-03-20 20:30:18

Re: DNAT TCP 12345 -> 22

Ansgar -59cobalt- Wiecher

2008-03-20 22:10:12

Re: DNAT TCP 12345 -> 22

=?ISO-8859-1?Q?Fr=E9d=E9r

2008-03-21 12:20:09

Re: DNAT TCP 12345 -> 22

Ansgar -59cobalt- Wiecher