Re: DNAT TCP 12345 -> 22

Márcio H. Parreiras wrote:
> Try the rules below, simple and clean:
> 
> EXT_IF='eth1'    # the interface connected to Internet
> SERVER='192.168.0.1 <http://192.168.0.1>'
   # or any else IP allocated 
> to machine
> SSH='22'
> SSH_SERVER='12345'    # or another ****t you want
> $IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tcp --d****t $SSH_SERVER -j 
> DNAT --to $SERVER:$SSH
> $IPTABLES -t filter -A FORWARD -i $EXT_IF -p tcp --d****t $SSH -d $SERVER

> -j ACCEPT
> 
> note: server's sshd may listen on ****t 22 only.

Hi,

I think your rules correspond to mine :

iptables -A FORWARD -i $EXTERNAL_INTERFACE -o $INTERNAL_INTERFACE -p tcp 
--s****t $UNPRIV****TS -d $SERVER --d****t 22 -m state --state NEW -j ACCEPT

iptables -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -p tcp -d $SERVER 
--d****t 12345 -j DNAT --to-destination $SERVER:22

The problem is that it opens the ****ts 22 and 12345 to the server.

Regards.
-- 
==============================================
|              FRÉDÉRIC MASSOT               |
|     http://www.juliana-multimedia.com
     |
|   mailto:frederic@[EMAIL PROTECTED]
   |
===========================Debian=GNU/Linux===


-- 
To UNSUBSCRIBE, email to debian-firewall-REQUEST@[EMAIL PROTECTED]
 a subject of "unsubscribe". Trouble? Contact
listmaster@[EMAIL PROTECTED]