Re: DNAT TCP 12345 -> 22

by Ansgar -59cobalt- Wiechers <lists@[EMAIL PROTECTED] > Mar 21, 2008 at 02:50 PM

On 2008-03-21 Frédéric Massot wrote:
> Ansgar -59cobalt- Wiechers wrote:
>> On 2008-03-20 Frédéric Massot wrote:
>>> How I can ensure that access will possible only on ****t 12345/TCP
>>> and not on ****t 22/TCP ?
>> 
>> Have your sshd listen on both ****ts, and allow only 12345/tcp inbound
>> on your external firewall.
> 
> Yes it is a solution that works, but I would like to find a solution
> with the firewall.

Why? Using NAT (or rather PAT) for this will not gain you any security.
You may even lose security, because NAT requires additional code on your
firewall, that may contain additional (exploitable) holes. Keep it
simple.

Regards
Ansgar
-- 
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html


-- 
To UNSUBSCRIBE, email to debian-firewall-REQUEST@[EMAIL PROTECTED]
 a subject of "unsubscribe". Trouble? Contact
listmaster@[EMAIL PROTECTED]

13 Posts in Topic:

DNAT TCP 12345 -> 22

=?ISO-8859-15?Q?Fr=E9d=E9

2008-03-20 20:30:18

Re: DNAT TCP 12345 -> 22

Ansgar -59cobalt- Wiecher

2008-03-20 22:10:12

Re: DNAT TCP 12345 -> 22

=?ISO-8859-1?Q?Fr=E9d=E9r

2008-03-21 12:20:09

Re: DNAT TCP 12345 -> 22

Ansgar -59cobalt- Wiecher