LinuxQuestions.org
12-21-2009, 05:00 AM   #1
Yalla-One
Member
 
Registered: Oct 2004
Location: Norway
Distribution: Slackware, CentOS
Posts: 641

Rep: Reputation: 36
iptables rule to remap incoming ssh from 2202 -> 22


Hi,

I am trying to create a very simple firewall rule that remaps incoming ssh traffic from port 2202 to port 22 on the current host.
(Yes, I know I can change the port in sshd_config, but that breaks a few other things.)
So instead of making a hole in my iptables for port 22, I'd like to make a hole for 2202 and point it to 22. Is that possible with a few lines of iptables?

Thanks in advance!

-y1
 
12-21-2009, 05:17 AM   #2
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 556
Check out this nifty little tutorial: http://www.web-articles.info/e/a/tit...with-iptables/

The DNAT section shows precisely what you are looking for -- remapping a high port to the SSH port.

Sasha
 
1 members found this post helpful.
12-21-2009, 05:29 AM   #3
Yalla-One
Member
 
Registered: Oct 2004
Location: Norway
Distribution: Slackware, CentOS
Posts: 641

Original Poster
Rep: Reputation: 36
Thanks much!
 
12-21-2009, 08:27 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
If these iptables rules were run on the SSH box itself, then you could use REDIRECT as an alternative to DNAT. One of the benefits would be that you wouldn't need to worry about the IP address, since it's done automatically. Example:
Code:
iptables -t nat -A PREROUTING -i eth0 -p TCP --dport 2202 -j REDIRECT --to-port 22
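
Added example, not part of any poster's reply: the nat PREROUTING redirect rewrites the destination port before the filter INPUT chain runs, so the "hole" in INPUT has to be written for port 22, and a conntrack match on the original destination port is what keeps direct connections to 22 closed. The helper name `ssh_remap_rules` and the `--check`/`--apply` switches are hypothetical; `eth0` and port 2202 are taken from the thread.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the 2202 -> 22 remap.
# nat/PREROUTING rewrites the destination port before filter/INPUT runs,
# so INPUT sees --dport 22 for redirected and direct connections alike.
# The conntrack match on the ORIGINAL destination port tells them apart.

# ssh_remap_rules IFACE EXT_PORT   (hypothetical helper name)
ssh_remap_rules() {
    iface=$1 ext=$2
    # Port: digits only, no leading zero, at most five digits.
    case $ext in
        ''|0*|*[!0-9]*|??????*) echo "bad port: $ext" >&2; return 1 ;;
    esac
    if [ "$ext" -gt 65535 ] || [ "$ext" -eq 22 ]; then
        echo "port out of range or equal to 22: $ext" >&2; return 1
    fi
    # Interface: reject anything that could smuggle extra rule text.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
-A PREROUTING -i $iface -p tcp --dport $ext -j REDIRECT --to-ports 22
COMMIT
*filter
-A INPUT -i $iface -p tcp --dport 22 -m conntrack --ctorigdstport $ext -j ACCEPT
-A INPUT -i $iface -p tcp --dport 22 -j DROP
COMMIT
EOF
}

# --check parses the rules without loading them; --apply loads them (root).
# --noflush appends to the existing ruleset instead of replacing it.
if [ "${1:-}" = "--check" ]; then
    ssh_remap_rules "${2:-eth0}" "${3:-2202}" | iptables-restore --test --noflush
elif [ "${1:-}" = "--apply" ]; then
    ssh_remap_rules "${2:-eth0}" "${3:-2202}" | iptables-restore --noflush
fi
```

Because the rules are appended, an earlier INPUT rule that already accepts port 22 still wins, so check the existing chain order before relying on the DROP line.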
 
  

