> If I have a client connecting to port 22 on my server, say from 10.18.18.4,
> can I use IPtables to send that connection to port 8022 on the same box?
>
> At the same time I would want traffic from 10.18.19.4 to arrive on port 22
> and be forwarded (passed through) to port 22.
Something like:

    # iptables -t nat -A PREROUTING -p tcp -s $EVIL_IP -d $SERVER_EXTERNAL_IP --dport 22 -j DNAT --to-destination $SERVER_EXTERNAL_IP:8022

might do the trick. That'll redirect just evil connections to 8022 and won't touch stuff from other IPs.

Of course this stuff may not scale well if you have thousands of "evil" IPs. If instead, you want to whitelist "good" IPs and assume all others are "evil", that would probably be easier to maintain and would scale better. I'm sure you can work out the syntax of that after a quick `man iptables'.

HTH,
tim

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
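The whitelist variant tim sketches, written out as an added example (not from the original thread): trusted source IPs reach port 22 untouched, everything else hitting 22 is DNATed to 8022. The server address, the trusted IPs and the IPTABLES variable are assumptions; by default the rules are only printed so the script can be inspected without root.

```shell
#!/bin/sh
# Added example for the whitelist approach: nat PREROUTING rules that let the
# listed "good" source IPs through to port 22 and rewrite all other sources to
# port 8022 on the same box. IPTABLES defaults to "echo iptables" (assumption,
# for inspection); run with IPTABLES=iptables as root to apply the rules.

IPTABLES="${IPTABLES:-echo iptables}"

# ssh_whitelist_rules <server_ip> <good_ip>...
# Emits one RETURN rule per trusted source, then a single catch-all DNAT.
ssh_whitelist_rules() {
    server="$1"; shift
    [ $# -gt 0 ] || { echo "need at least one whitelisted IP" >&2; return 1; }

    # RETURN ends nat-table processing for trusted sources, so the catch-all
    # DNAT below never sees them. Order matters: these must be appended first.
    for ip in "$@"; do
        $IPTABLES -t nat -A PREROUTING -p tcp -s "$ip" -d "$server" \
            --dport 22 -j RETURN
    done

    # Every other source that hits 22 is rewritten to 8022 before routing.
    # For a purely local target, "-j REDIRECT --to-ports 8022" is equivalent.
    $IPTABLES -t nat -A PREROUTING -p tcp -d "$server" --dport 22 \
        -j DNAT --to-destination "$server:8022"
}

# Stand-alone run: constructed server address and trusted client from the thread.
[ "${0##*/}" = "ssh_whitelist.sh" ] && ssh_whitelist_rules 192.0.2.10 10.18.19.4
```

Whatever listens on 8022 (a second sshd, a honeypot) must actually be running, and the rules need the conntrack/nat modules loaded; check the result with `iptables -t nat -L PREROUTING -n -v`.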
