LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 02-21-2005, 04:46 PM   #1
zahoo
Member
 
Registered: Nov 2004
Location: EU, HUNGARY, Budapest
Distribution: Debian SID
Posts: 40

Rep: Reputation: 15
Port 80 forwarding to port 22 with iptables


Hi,

could you please help me? I want to forward from a specific public ip address let's say 152.66.232.20 the port 80 to port 22 on my firewall. I'm using iptables on Debian Linux.
I'd need a rule that would make this working and it's secure too. I guess that I got to add a rule something like this:

iptables -A FORWARD -p tcp --sport 80 -i ppp0 -o eth0 --dport 22 -j ACCEPT

where ppp0 is my interface to the internet (physically this is my eth0 interface)

Thanks!

Zahoo
 
Old 02-22-2005, 05:04 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
What exactly are you trying to achieve?
 
Old 02-22-2005, 05:29 AM   #3
zahoo
Member
 
Registered: Nov 2004
Location: EU, HUNGARY, Budapest
Distribution: Debian SID
Posts: 40

Original Poster
Rep: Reputation: 15
What I want to do is to ssh into my firewall from the internet through port 80. The problem is that the sshd is running on port 22 on my firewall and I don't want to change it since my web server is running on 80 too and I don't want to change that neither. So I figured out that my only chance to do this if I ssh on port 80 from a specific IP (another box of mine on the internet) to my firewall that will forward this incoming package specificly to port 22 in order to create the connection between my another box on the internet and the firewall's sshd.An I only want to forward the port 80 from that IP number any other case I don't want to forward it (since people couldn't connect to my web server then).


That' what I try to achieve.

Thanks.
 
Old 02-22-2005, 08:22 AM   #4
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
So it looks like you have a problem getting out on port 22 on the remote box, yes?

On the firewall do..
iptables -t nat -A PREROUTING -i eth? -s 152.66.232.20 -p tcp --dport 443 -j REDIRECT --to-ports 22

It is recommended using the -i eth? specifier to restrict the rule to the inernet interface.
Change the ? to the eth number.. You can read man iptables to get an explanation of REDIRECT

Of course using port 80, the remote ip number will not be able to browse the web server at your address..
I have suggested using port 443, usually used for https. It should be open at the remote site..
You may encounter an http proxy at the remote end which may block this working..
Depending on restrictions at the remote end, you may have to find a free port, eg 123 ntp time..

Last edited by peter_robb; 02-22-2005 at 08:31 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IPCHAINS port forwarding and IPTABLES port forwarding ediestajr Linux - Networking 26 01-14-2007 08:35 PM
port forwarding with iptables kkennedy Linux - Networking 1 09-01-2005 07:48 PM
iptables port forwarding MadTurki Linux - Networking 6 01-05-2004 02:03 PM
iptables port forwarding hawk4eye Linux - Security 2 02-07-2003 05:47 AM
iptables and port forwarding jamesws Linux - Networking 0 02-10-2002 07:57 PM


All times are GMT -5. The time now is 03:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration