[PLUG] IPtables internal port forwarding

Tim tim-pdxlug at sentinelchicken.org
Wed May 6 21:58:43 UTC 2009


>  If I have a client connecting to port 22 on my server, say from 10.18.18.4
>  can I use IPtables to send that connection to Port 8022 on the same box?
> 
>  At the same time I would want traffic from 10.18.19.4 to arrive on port 22
>  and be forwarded (passed through) to port 22.

Something like:

# iptables -t nat -A PREROUTING -p tcp -s $EVIL_IP -d $SERVER_EXTERNAL_IP --dport 22 -j DNAT --to-destination $SERVER_EXTERNAL_IP:8022

might do the trick.  That'll redirect just evil connections to 8022
and won't touch stuff from other IPs.  Of course this stuff may not
scale well if you have thousands of "evil" IPs.  If instead, you want
to whitelist "good" IPs and assume all others are "evil", that would
probably be easier to maintain and would scale better.  I'm sure you
can work out the syntax of that after a quick `man iptables'.


HTH,
tim
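The whitelist variant that the reply above leaves as an exercise, written out as an added example (this is not part of the original post and not Tim's code). It assumes a server address of 192.0.2.10, the real sshd on 22, an alternate sshd on 8022 and 10.18.19.4 as the single trusted client; all of those are placeholders, not values from the thread. Trusted sources fall out of a custom nat chain with RETURN, everyone else hits a catch-all REDIRECT, which is DNAT to the address of the interface the packet arrived on. By default the script only prints the rules; run it with IPT=iptables as root to apply them.

```shell
#!/bin/sh
# Constructed example: redirect SSH to an alternate port for every source
# except a whitelist. Placeholder values, not taken from the original post.
SERVER_IP="${SERVER_IP:-192.0.2.10}"
REAL_PORT=22
ALT_PORT=8022
CHAIN=SSH_REDIR

# Command used to emit rules. Default is a dry run that prints them;
# set IPT=iptables (as root) to actually install the rules.
IPT="${IPT:-echo iptables}"

ssh_redir_rules() {
    # Arguments: whitelisted source IPs that keep reaching the real sshd.
    $IPT -t nat -N "$CHAIN"
    # Every inbound connection to SERVER_IP:22 is handed to the custom chain.
    # The nat PREROUTING chain only sees the first packet of a connection;
    # conntrack applies the same translation to the rest of the flow.
    $IPT -t nat -A PREROUTING -p tcp -d "$SERVER_IP" --dport "$REAL_PORT" -j "$CHAIN"
    # Whitelisted sources leave the chain untouched and are not rewritten.
    for ip in "$@"; do
        $IPT -t nat -A "$CHAIN" -s "$ip" -j RETURN
    done
    # All other sources are redirected to the alternate port on this host.
    # REDIRECT --to-ports requires -p tcp on the rule itself.
    $IPT -t nat -A "$CHAIN" -p tcp -j REDIRECT --to-ports "$ALT_PORT"
    # The filter table matches on the post-NAT destination, so the
    # alternate port must be accepted there as well or the redirected
    # connections are silently dropped.
    $IPT -A INPUT -p tcp --dport "$ALT_PORT" -j ACCEPT
}

# Dry run for one trusted client.
ssh_redir_rules 10.18.19.4
```

Two caveats worth keeping in mind: rules in the nat table are consulted only for the first packet of each connection, so the RETURN entries must precede the REDIRECT, and any filter-table rule for the redirected traffic has to match port 8022, not 22, because NAT has already rewritten the destination by the time INPUT sees it. Locally originated connections to 127.0.0.1:22 are not affected, since they traverse the nat OUTPUT chain rather than PREROUTING.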


