LinuxQuestions.org
Fedora This forum is for the discussion of the Fedora Project.
Old 04-16-2011, 11:47 AM   #1
Yalla-One
Member
 
Registered: Oct 2004
Location: Norway
Distribution: Slackware, CentOS
Posts: 635

Using iptables to make port 22 accessible through 4455 externally


Hi,

I have previously moved my ssh server from 22 to 4455 just by moving the port in sshd_config. This was done to minimize the log entries resulting from brute-force attacks.

However, it seems like Zimbra and other local services expect to find the ssh service locally available on port 22, so I figured it's better to move the port in the firewall so that it remains configured on port 22 in sshd_config, and instead use iptables with a nat/port rewrite to move 4455 incoming to 22 locally.

I have tried this line:
Code:
iptables -A PREROUTING -t nat -p tcp --dport 4455 -j REDIRECT --to-port 22
and then do an /etc/init.d/iptables save

In isolation this works as long as I also keep allowing port 22, but the moment I close port 22, port 4455 is also dead, which sort of defeats the purpose.

Last edited by Yalla-One; 04-16-2011 at 12:30 PM. Reason: pressed save halfway through the post and noticed too late...
 
Old 04-16-2011, 01:03 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,345

Use DNAT instead and specify a destination of 127.0.0.1: http://linux-ip.net/html/nat-dnat.html. But where are you blocking port 22? The redirect on the server would only not work if you block 22 on the server itself, which surely is not what you want? Isn't it on your firewall where you're blocking 22?

Last edited by acid_kewpie; 04-16-2011 at 01:04 PM.
 
Old 04-17-2011, 04:43 AM   #3
Yalla-One
Member
 
Registered: Oct 2004
Location: Norway
Distribution: Slackware, CentOS
Posts: 635

Original Poster
Thanks much for answering! The server is colocated so there's no firewall in front of it I'm afraid. Thus the need for paranoid iptables. So the firewall is just a set of iptables running on the box itself, which is supposed to ban external incoming connections on port 22, but allow them internally on 22, and remap external from 4455 to 22 so that it is accessible from the outside over ssh...

Just to make it easy :-) Perhaps this is more iptables-specific than Fedora, and thus should be moved to firewall/security section?
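The failure described in post #1 has a specific cause: the nat PREROUTING table rewrites the destination port before the filter INPUT chain sees the packet, so a redirected 4455 connection arrives in INPUT already looking like port 22 and is caught by the same DROP rule that is meant for direct external attempts. The script below is an added example written for this thread, not code posted by either participant. It keeps the original REDIRECT rule and, in INPUT, distinguishes redirected traffic from direct attempts by matching the original destination port that conntrack recorded (`-m conntrack --ctorigdstport`). It assumes the host-only setup from post #3 (no separate firewall; sshd stays on 22; loopback clients such as Zimbra must keep reaching 22), and the `IPT` variable defaulting to a dry-run `echo` is my own convenience so the rule list can be read without root; run it with `IPT=iptables` to apply.

```shell
#!/bin/sh
# Added example (not from the thread): expose sshd on 4455 externally while it
# listens on 22, and block direct external connections to 22 on the same host.
#
# IPT defaults to a dry-run that prints the rules; set IPT=iptables to apply.
# (The dry-run variable is an assumption of this example, not an iptables feature.)
IPT="${IPT:-echo iptables}"
SSH_PORT=22        # port sshd really listens on (sshd_config "Port 22")
PUBLIC_PORT=4455   # port clients on the Internet connect to

ssh_port_rules() {
    # 1. nat/PREROUTING: the first packet of a new inbound connection to 4455 has
    #    its destination rewritten to 22. Only the first packet consults the nat
    #    table; conntrack applies the same rewrite to the rest of the flow.
    $IPT -t nat -A PREROUTING -p tcp --dport "$PUBLIC_PORT" -j REDIRECT --to-ports "$SSH_PORT"

    # 2. filter/INPUT: loopback is trusted, so local services (Zimbra etc.)
    #    can still reach sshd directly on 127.0.0.1:22.
    $IPT -A INPUT -i lo -j ACCEPT

    # 3. Packets belonging to connections that were already accepted.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 4. The redirected SYN reaches INPUT with --dport already changed to 22,
    #    which is why a plain "--dport 22 -j DROP" also kills 4455. Accept it by
    #    matching the ORIGINAL destination port recorded in the conntrack entry.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        --ctorigdstport "$PUBLIC_PORT" -j ACCEPT

    # 5. Everything else aimed at 22 (direct external attempts) is dropped.
    #    Order matters: this must come after rule 4.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -j DROP
}

ssh_port_rules
```

With the real `iptables` binary the rules go into the running ruleset and `/etc/init.d/iptables save` persists them as before. To confirm the distinction is working, `iptables -L INPUT -v -n` should show the counters on rule 4 increasing for connections made to 4455 and the counters on rule 5 increasing for connections made to 22 from outside, while loopback connections to 22 are counted on rule 2.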
Tags
iptables, port forwarding, ssh