Hi,

could you please help me? I want to forward from a specific public ip address let's say 152.66.232.20 the port 80 to port 22 on my firewall. I'm using iptables on Debian Linux.
I'd need a rule that would make this working and it's secure too. I guess that I got to add a rule something like this:

iptables -A FORWARD -p tcp --sport 80 -i ppp0 -o eth0 --dport 22 -j ACCEPT

where ppp0 is my interface to the internet (physically this is my eth0 interface)

Thanks!

Zahoo

What exactly are you trying to achieve?

What I want to do is to ssh into my firewall from the internet through port 80. The problem is that the sshd is running on port 22 on my firewall and I don't want to change it since my web server is running on 80 too and I don't want to change that neither. So I figured out that my only chance to do this if I ssh on port 80 from a specific IP (another box of mine on the internet) to my firewall that will forward this incoming package specificly to port 22 in order to create the connection between my another box on the internet and the firewall's sshd.An I only want to forward the port 80 from that IP number any other case I don't want to forward it (since people couldn't connect to my web server then).


That' what I try to achieve.

Thanks.

So it looks like you have a problem getting out on port 22 on the remote box, yes?

On the firewall do..
iptables -t nat -A PREROUTING -i eth? -s 152.66.232.20 -p tcp --dport 443 -j REDIRECT --to-ports 22

It is recommended using the -i eth? specifier to restrict the rule to the inernet interface.
Change the ? to the eth number.. You can read man iptables to get an explanation of REDIRECT

Of course using port 80, the remote ip number will not be able to browse the web server at your address..
I have suggested using port 443, usually used for https. It should be open at the remote site..
You may encounter an http proxy at the remote end which may block this working..
Depending on restrictions at the remote end, you may have to find a free port, eg 123 ntp time..