Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-21-2009, 05:00 AM   #1
Registered: Oct 2004
Location: Norway
Distribution: Slackware, CentOS
Posts: 641

Rep: Reputation: 36
iptables rule to remap incoming ssh from 2202 -> 22


I am trying to create a very simple firewall rule that remaps incoming ssh traffic from port 2202 to port 22 on current host.
(yes, I know I can change the port in sshd_config, but that breaks a few other things)
So instead of making a hole in my iptables for port 22, I'd like to make a hole for 2202 and point it to 22. Is that possible with a few lines of iptables?

Thanks in advance!

Old 12-21-2009, 05:17 AM   #2
LQ Guru
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 555Reputation: 555Reputation: 555Reputation: 555Reputation: 555Reputation: 555
Check out this nifty little tutorial:

The DNAT section shows precisely what you are looking for -- remapping a high port to the SSH port.

1 members found this post helpful.
Old 12-21-2009, 05:29 AM   #3
Registered: Oct 2004
Location: Norway
Distribution: Slackware, CentOS
Posts: 641

Original Poster
Rep: Reputation: 36
Thanks much!
Old 12-21-2009, 08:27 AM   #4
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
If these iptables would be run on the SSH box itself, then you could use REDIRECT as an alternative to DNAT. One of the benefits would be that you wouldn't need to worry about the IP address, since it's done automatically. Example:
iptables -t nat -A PREROUTING -i eth0 -p TCP --dport 2202 -j REDIRECT --to-port 22


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables: rule with RETURN target just after a rule with ACCEPT target Nerox Linux - Networking 6 09-04-2011 03:33 PM
How to let incoming and outgoing in iptables revinking Linux - Networking 1 08-03-2008 07:35 AM
iptables rule: ssh does not connect reliably Robert S Linux - Networking 3 12-08-2007 08:04 AM
incoming connections with iptables willyweedle Linux - Networking 2 08-05-2007 02:33 PM
Block incoming port Iptables cli_man Linux - Networking 5 08-11-2003 08:32 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:33 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration