[PLUG] IPtables internal port forwarding
Joe Pruett
joey at clean.q7.com
Wed May 6 22:03:00 UTC 2009
>> If I have a client connecting to port 22 on my server, say from 10.18.18.4
>> can I use IPtables to send that connection to Port 8022 on the same box?
>>
>> At the same time I would want traffic from 10.18.19.4 to arrive on port 22
>> and be forwarded passed through to port 22.
>
> Something like:
>
> # iptables -t nat -A PREROUTING -p tcp -s $EVIL_IP -d $SERVER_EXTERNAL_IP --dport 22 -j DNAT --to-destination $SERVER_EXTERNAL_IP:8022
>
> might do the trick. That'll redirect just evil connections to 8022
> and won't touch stuff from other IPs. Of course this stuff may not
> scale well if you have thousands of "evil" IPs. If instead, you want
> to white list "good" IPs and assume all others are "evil", that would
> probably be easier to maintain and would scale better. I'm sure you
> can work out the syntax of that after a quick `man iptables'.
i think the original poster wanted to magically create rules that would
take port x and map to x+8000 based on incoming addresses. he wanted to
avoid creating thousands of rules. to that, i don't think there is going
to be an easy solution, so programmatically creating the rules as needed,
and i don't know if iptables will have limits on the number of rules.
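As an added example (not from the thread), a small POSIX shell script that generates the per-source DNAT rules the poster describes, mapping port x to x+8000 on the same box; the server address 203.0.113.10, the OFFSET and the client list are assumed sample values:

```shell
#!/bin/sh
# Added example, not from the thread: emit one DNAT rule per source address,
# mapping the requested port x to x+OFFSET on the same server. Sources with
# no rule (e.g. 10.18.19.4 in the thread) reach port 22 untouched.
SERVER_IP="203.0.113.10"   # assumption: the server's external address
OFFSET=8000                # the poster's x -> x+8000 mapping

# dnat_rule SRC_IP DPORT: prints one iptables command, does not run it.
dnat_rule() {
    src="$1"; dport="$2"
    to_port=$((dport + OFFSET))
    printf 'iptables -t nat -A PREROUTING -p tcp -s %s -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$src" "$SERVER_IP" "$dport" "$SERVER_IP" "$to_port"
}

# gen_rules: reads "ip port" pairs from stdin and emits one rule per pair,
# skipping blank lines and '#' comments so the list can live in a file.
gen_rules() {
    while read -r src dport _; do
        case "$src" in ''|'#'*) continue ;; esac
        dnat_rule "$src" "$dport"
    done
}

# Constructed sample list; a real deployment would read it from a file.
SAMPLE_CLIENTS='
# ip            port
10.18.18.4      22
10.18.18.5      80
'

# Dry run by default: review the printed rules, then pipe them into sh
# (as root) to apply them.
main() {
    printf '%s\n' "$SAMPLE_CLIENTS" | gen_rules
}

main "$@"
```

For thousands of sources that share the same mapping, an ipset match (`-m set --match-set`) in one rule scales better than one rule per address.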