LinuxQuestions.org


kandzha 09-13-2006 06:47 AM

iptables help! DROP ssh port, but allow to connect to ssh if from 2222 port
 
Greetings,

I am sorry if I repeat any thread in the forum, but I need some help quickly.

Running Slackware 10.2, kernel 2.6, as a router
external interface - eth0
internal interface - eth1
subnet - 192.168.0.x

I am still a relative newbie to Linux and trying to configure IPTABLES.

My goal is to make it so that:
1) All external connections to port 22 (ssh) would be dropped, while connections from the internal network would be open. My rule for this is:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j DROP

2) (which is actually my current problem!!!) I want to make it so that if someone tries to connect to my router using port 2222 (not 22) it would somehow forward the request to port 22 and allow a connection. (Some sort of tricky hiding :) )

Thanks
Kandzha

unSpawn 09-13-2006 07:10 AM

Quote:

Originally Posted by kandzha
Some sort of tricky hiding

If you're concerned about remote SSH attempts, better check out ways to thwart that: http://www.linuxquestions.org/questi...d.php?t=340366

kandzha 09-13-2006 07:17 AM

Quote:

Originally Posted by unSpawn
Some sort of tricky hiding
If you're concerned about remote SSH attempts, better check out ways to thwart that

No, that's not my problem, I just want to be able to connect to the router from my home :)

amitsharma_26 09-13-2006 07:30 AM

Quote:

Originally Posted by kandzha
1) All external connections to port 22 (ssh) would be dropped, while connections from the internal network would be open. My rule for this is:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j DROP

Yes this is fine.
Quote:

Originally Posted by kandzha
2) (which is actually my current problem!!!) I want to make it so that if someone tries to connect to my router using port 2222 (not 22) it would somehow forward the request to port 22 and allow a connection. (Some sort of tricky hiding :) )

But a better way of doing this would be to change the port sshd is running on by putting
Code:

Port 2222
in /etc/ssh/sshd.conf & blocking all requests to port 22 in the INPUT chain.

sin 09-13-2006 09:10 AM

# Let in the connections that arrived on 2222 and were rewritten to 22 below;
# without this the DROP rule would also catch them, since after DNAT they are
# plain external connections to port 22 (matched here on the original port)
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctorigdstport 2222 -j ACCEPT
# Drop every other connection to port 22 that does not come from the LAN
iptables -A INPUT -p tcp --dport 22 ! -s 192.168.0.0/24 -j DROP
# Rewrite external connections to 2222 to the router's own SSH port
# (192.168.0.1 is assumed to be the router's LAN address)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 192.168.0.1:22
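Putting the pieces of the thread together, here is an added example (not code posted by anyone in this thread) of a complete, reviewable ruleset for kandzha's router: SSH from the LAN on port 22, external access only through port 2222, and, following unSpawn's point about thwarting remote attempts, a rate limit on new connections to the hidden port. It uses REDIRECT rather than DNAT so the router's own LAN address does not have to be hard-coded, and it matches the rewritten connections on their original destination port so the final DROP does not catch them. Assumptions not taken from the thread: sshd still listens on 22, the kernel has the conntrack and recent matches, and the limit of 5 new connections per 60 seconds is a constructed value. With no argument the script only prints the rules; `apply` loads them.

```shell
#!/bin/sh
# Added example for the thread above; assumptions are marked where they appear.
EXT_IF=eth0            # external interface, from the thread
INT_IF=eth1            # internal interface, from the thread
LAN_NET=192.168.0.0/24 # the 192.168.0.x subnet from the thread
SSH_PORT=22            # assumption: sshd still listens on 22
HIDDEN_PORT=2222       # port external users must connect to
RATE_SECONDS=60        # constructed rate-limit window
RATE_HITS=5            # constructed rate-limit threshold

# Print the ruleset, one iptables command per line, in the order it must be loaded.
ssh_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $HIDDEN_PORT -j REDIRECT --to-ports $SSH_PORT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $INT_IF -s $LAN_NET -p tcp --dport $SSH_PORT -j ACCEPT
iptables -A INPUT -i $EXT_IF -p tcp --dport $SSH_PORT -m conntrack --ctorigdstport $HIDDEN_PORT --ctstate NEW -m recent --name ssh --set
iptables -A INPUT -i $EXT_IF -p tcp --dport $SSH_PORT -m conntrack --ctorigdstport $HIDDEN_PORT --ctstate NEW -m recent --name ssh --update --seconds $RATE_SECONDS --hitcount $RATE_HITS -j DROP
iptables -A INPUT -i $EXT_IF -p tcp --dport $SSH_PORT -m conntrack --ctorigdstport $HIDDEN_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $SSH_PORT -j DROP
EOF
}

# Load the rules, stopping at the first command iptables rejects.
run_rules() {
    ssh_rules | while IFS= read -r cmd; do
        sh -c "$cmd" || exit 1
    done
}

if [ "${1:-}" = apply ]; then
    run_rules
else
    ssh_rules
fi
```

Rule order is the whole point: the REDIRECT happens in nat PREROUTING before filtering, so by the time the packet reaches INPUT its destination port is already 22 and only `--ctorigdstport 2222` tells it apart from a direct probe of port 22. The LAN ACCEPT, the rate-limit pair and the hidden-port ACCEPT therefore all sit above the unconditional DROP on 22. The `--set` rule records each new external attempt and the `--update` rule drops the source once it has made RATE_HITS attempts within RATE_SECONDS; legitimate use from home is unaffected.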

