>> If I have a client connecting to port 22 on my server, say from 10.18.18.4,
>> can I use iptables to send that connection to port 8022 on the same box?
>>
>> At the same time I would want traffic from 10.18.19.4 to arrive on port 22
>> and be forwarded passed through to port 22.
>
> Something like:
>
> # iptables -t nat -A PREROUTING -p tcp -s $EVIL_IP -d $SERVER_EXTERNAL_IP
> --dport 22 -j DNAT --to-destination $SERVER_EXTERNAL_IP:8022
>
> might do the trick. That'll redirect just evil connections to 8022
> and won't touch stuff from other IPs. Of course this stuff may not
> scale well if you have thousands of "evil" IPs. If instead, you want
> to whitelist "good" IPs and assume all others are "evil", that would
> probably be easier to maintain and would scale better. I'm sure you
> can work out the syntax of that after a quick `man iptables`.
I think the original poster wanted to magically create rules that would take port x and map to x+8000 based on incoming addresses. He wanted to avoid creating thousands of rules. To that, I don't think there is going to be an easy solution, so programmatically creating the rules as needed, and I don't know if iptables will have limits on the number of rules.

_______________________________________________
PLUG mailing list
http://lists.pdxlinux.org/mailman/listinfo/plug
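The two approaches discussed in the thread (one DNAT rule per source address mapping port x to x+8000, versus whitelisting the good addresses and redirecting everyone else) can both be generated from a small script rather than typed by hand. The script below is an added example, not code from the thread; it only prints the iptables commands so it can be reviewed before being piped to a shell as root. The server address 192.0.2.10 is a documentation-range placeholder, the address list is constructed, and the 8000 offset is the mapping the reply above describes.

```shell
#!/bin/sh
# Added example (not from the thread). Generates iptables nat-table rules and
# prints them; review the output, then apply with: ./gen-rules.sh | sudo sh

SERVER_EXTERNAL_IP=192.0.2.10   # placeholder, RFC 5737 documentation address
OFFSET=8000                     # port x on the wire is served on x+8000

# Per-address variant: one DNAT rule that sends traffic from $1 arriving on
# port $2 to port $2+OFFSET on the same box. Rule count grows with the list.
dnat_rule() {
    ip="$1"; port="$2"
    printf 'iptables -t nat -A PREROUTING -p tcp -s %s -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$ip" "$SERVER_EXTERNAL_IP" "$port" "$SERVER_EXTERNAL_IP" "$((port + OFFSET))"
}

# Whitelist variant: listed good addresses hit ACCEPT in the nat table, which
# ends nat traversal with no translation, so they reach port $1 untouched.
# Everything else on port $1 is REDIRECTed to $1+OFFSET. Rule count is
# (number of good addresses) + 1, regardless of how many other hosts exist.
whitelist_rules() {
    port="$1"; shift
    for good in "$@"; do
        printf 'iptables -t nat -A PREROUTING -p tcp -s %s --dport %s -j ACCEPT\n' "$good" "$port"
    done
    printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
        "$port" "$((port + OFFSET))"
}

# Constructed sample input: "address port" pairs, one per line.
RULE_LIST='10.18.18.4 22
10.18.18.5 22
10.18.18.6 2222'

# Emit one DNAT rule per line of RULE_LIST.
gen_per_ip() {
    printf '%s\n' "$RULE_LIST" | while read -r ip port; do
        if [ -n "$ip" ]; then
            dnat_rule "$ip" "$port"
        fi
    done
}

# Usage: print both rule sets for inspection.
echo '# per-address DNAT rules'
gen_per_ip
echo '# whitelist rules: 10.18.19.4 keeps port 22, all others go to 8022'
whitelist_rules 22 10.18.19.4
```

The REDIRECT target only makes sense when the redirected service lives on the same box, which is what the original question asks for; if the rules must also work for locally originated traffic, the same rules would be needed in the nat OUTPUT chain as well. Generated rules should be loaded through iptables-restore from a saved file rather than appended one at a time, so a reboot or a re-run does not leave duplicates.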
