Hi,

I have servers with public IP addresses in a DMZ behind a firewall.

The firewall has two network interfaces, one connected to the DMZ, the other to the ISP router.

From the local network, I can access the server via SSH on port 22/TCP.

I would like to access the server from the outside on another port, like 12345/TCP. I tried to translate the SSH port on the firewall with a DNAT rule.

I have these rules:

# filter: allow new connections from the outside to the server's SSH port
iptables -A FORWARD -i $EXTERNAL_INTERFACE -o $INTERNAL_INTERFACE -p tcp --sport $UNPRIVPORTS -d $SERVER --dport 22 -m state --state NEW -j ACCEPT

# nat: rewrite public port 12345 to the server's port 22 before the routing decision
iptables -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -p tcp -d $SERVER --dport 12345 -j DNAT --to-destination $SERVER:22

With these rules I can access the server on ports 22/TCP and 12345/TCP.

How can I ensure that access is possible only on port 12345/TCP and not on port 22/TCP?


Regards.
--
==============================================
|              FRÉDÉRIC MASSOT               |
|     http://www.juliana-multimedia.com      |
|   mailto:[EMAIL PROTECTED]   |
===========================Debian=GNU/Linux===


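The rule set below is an added example and not part of the post above. The reason both ports currently work is that DNAT runs in nat PREROUTING before the filter FORWARD chain, so a connection that arrived on 12345 and one that arrived directly on 22 both show up in FORWARD as --dport 22. The conntrack match can still see the connection's original destination port (--ctorigdstport), so FORWARD can accept only the translated connections and drop the direct ones. Interface names, the 192.0.2.10 server address (an RFC 5737 documentation address) and the ssh_dnat_rules function name are assumptions; the script assumes, as the original --state NEW rule does, that an earlier FORWARD rule already accepts ESTABLISHED,RELATED traffic.

```shell
#!/bin/sh
# Added example: DNAT public port 12345 -> server port 22 and forward only
# connections that actually arrived on the public port. Values below are
# hypothetical; set them for your firewall before running.
EXTERNAL_INTERFACE="${EXTERNAL_INTERFACE:-eth0}"
INTERNAL_INTERFACE="${INTERNAL_INTERFACE:-eth1}"
SERVER="${SERVER:-192.0.2.10}"   # constructed documentation address
PUBLIC_PORT="${PUBLIC_PORT:-12345}"
SSH_PORT="${SSH_PORT:-22}"

# With DRY_RUN=1 the commands are printed instead of applied, one rule per
# line, so the rule set can be reviewed without root.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

ssh_dnat_rules() {
    # 1. nat PREROUTING: rewrite the public port to the real SSH port.
    ipt -t nat -A PREROUTING -i "$EXTERNAL_INTERFACE" -p tcp -d "$SERVER" \
        --dport "$PUBLIC_PORT" -j DNAT --to-destination "$SERVER:$SSH_PORT"

    # 2. filter FORWARD: the packet now has dport 22 whether or not it was
    #    translated, so match on the connection's ORIGINAL destination port.
    #    Only connections that arrived on $PUBLIC_PORT pass this rule.
    ipt -A FORWARD -i "$EXTERNAL_INTERFACE" -o "$INTERNAL_INTERFACE" -p tcp \
        -d "$SERVER" --dport "$SSH_PORT" \
        -m conntrack --ctstate NEW --ctorigdstport "$PUBLIC_PORT" -j ACCEPT

    # 3. Everything else from outside toward the server's SSH port, which is
    #    exactly the direct attempts on port 22, is dropped explicitly.
    ipt -A FORWARD -i "$EXTERNAL_INTERFACE" -o "$INTERNAL_INTERFACE" -p tcp \
        -d "$SERVER" --dport "$SSH_PORT" -j DROP
}

# Usage:  sh ssh_dnat.sh show   (print rules)    sh ssh_dnat.sh   (apply as root)
if [ "${1:-}" = "show" ]; then
    DRY_RUN=1 ssh_dnat_rules
elif [ "${1:-}" = "apply" ]; then
    ssh_dnat_rules
fi
```

After applying, check the result from outside with `ssh -p 12345 user@server` (should connect) and `ssh -p 22 user@server` (should time out, since the DROP rule discards the SYN), and inspect counters with `iptables -L FORWARD -v -n` and `iptables -t nat -L PREROUTING -v -n`. Rule order matters: the ACCEPT with --ctorigdstport must precede the DROP, and any general "accept new connections to port 22" rule such as the one in the post must be removed, otherwise it keeps matching both kinds of connection.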