04-16-2011, 11:47 AM   #1
Using iptables to make port 22 accessible through 4455 externally


Have previously moved my ssh server from 22 to 4455 just by moving the port in sshd_config. This is done to minimize the log entries resulting from brute force attacks.

However, it seems like Zimbra and other local services expect to find the ssh service locally available on port 22, so I figured it's better to move the port in the firewall so that it remains configured on port 22 in sshd_config, and instead use iptables with a nat/port rewrite to move 4455 incoming to 22 locally.

I have tried this line:
iptables -A PREROUTING -t nat -p tcp --dport 4455 -j REDIRECT --to-port 22
and then do an /etc/init.d/iptables save

Isolated this works as long as I also keep allowing port 22, but the moment I close port 22, port 4455 is also dead, which sort of defies the purpose.

Last edited by Yalla-One; 04-16-2011 at 12:30 PM. Reason: pressed save halfway through the post and noticed too late...
04-16-2011, 01:03 PM   #2
use dnat instead and specify a destination of But where are you blocking port 22? The redirect on the server would only not work if you block 22 on the server itself, which surely is not what you want? Isn't it on your firewall where you're blocking 22?

Last edited by acid_kewpie; 04-16-2011 at 01:04 PM.
04-17-2011, 04:43 AM   #3
Original Poster
Thanks much for answering! The server is colocated so there's no firewall in front of it I'm afraid. Thus the need for paranoid iptables. So the firewall is just a set of iptables running on the box itself, which is supposed to ban external incoming connections on port 22, but allow them internally on 22, and remap external from 4455 to 22 so that it is accessible from the outside over ssh...

Just to make it easy :-) Perhaps this is more iptables-specific than Fedora, and thus should be moved to firewall/security section?


iptables, port forwarding, ssh
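
Added example, not part of the thread or any poster's words: one way to get the behaviour described in post #3 on a single host, by accepting port 22 only for connections that conntrack recorded as originally aimed at 4455. It assumes sshd stays on 22, the external port is 4455, and no earlier INPUT rule already accepts tcp/22; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: sshd listens on 22, the
# external port is 4455, and no earlier INPUT rule already accepts tcp/22.
#
# nat PREROUTING rewrites 4455 -> 22 before the filter INPUT chain runs, so
# INPUT only ever sees --dport 22. Conntrack still records the port the
# client originally dialled, which is what the ACCEPT rule matches on.

# Succeed only for a decimal port number in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the iptables commands for <external-port> <sshd-port>, one per line.
ssh_redirect_rules() {
    if ! valid_port "$1" || ! valid_port "$2" || [ "$1" -eq "$2" ]; then
        echo "usage: ssh_redirect_rules <external-port> <sshd-port>" >&2
        return 2
    fi
    ext=$1
    ssh=$2
    cat <<EOF
iptables -t nat -A PREROUTING -p tcp --dport $ext -j REDIRECT --to-ports $ssh
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport $ssh -m conntrack --ctstate NEW --ctorigdstport $ext -j ACCEPT
iptables -A INPUT -p tcp --dport $ssh -j DROP
EOF
}

# Dry run: print the rules for the thread's ports without touching the firewall.
ssh_redirect_rules 4455 22
```

Review the printed commands, then pipe them to `sh -e` as root and persist them with `/etc/init.d/iptables save` as in the first post. Local services still reach sshd on 22 through the loopback rule, while a direct external connection to 22 falls through to the DROP.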
