[PLUG] IPtables internal port forwarding

Joe Pruett joey at clean.q7.com
Wed May 6 22:03:00 UTC 2009


>>  If I have a client connecting to port 22 on my server, say from 10.18.18.4
>>  can I use IPtables to send that connection to Port 8022 on the same box?
>>
>>  At the same time I would want traffic from 10.18.19.4 to arrive on port 22
>>  and be forwarded passed through to port 22.
>
> Something like:
>
> # iptables -t nat -A PREROUTING -p tcp -s $EVIL_IP -d $SERVER_EXTERNAL_IP --dport 22 -j DNAT --to-destination $SERVER_EXTERNAL_IP:8022
>
> might do the trick.  That'll redirect just evil connections to 8022
> and won't touch stuff from other IPs. Of course this stuff may not
> scale well if you have thousands of "evil" IPs.  If instead, you want
> to white list "good" IPs and assume all others are "evil", that would
> probably be easier to maintain and would scale better. I'm sure you
> can work out the syntax of that after a quick `man iptables'.

I think the original poster wanted to magically create rules that would
take port x and map to x+8000 based on incoming addresses.  He wanted to
avoid creating thousands of rules.  To that, I don't think there is going
to be an easy solution, so programmatically creating the rules as needed,
and I don't know if iptables will have limits on the number of rules.
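As an added illustration (not code from the thread or its posters), the script below generates the two rule sets discussed above and prints them for review instead of applying them: the per-source-IP DNAT rule that maps port x to x+8000, and the "whitelist the good IPs, redirect everyone else" variant. SERVER_IP, OFFSET and the address lists are constructed placeholders; a service listening on the shifted port is assumed.

```shell
#!/bin/sh
# Added example: emit iptables DNAT rules that map port x to x+OFFSET by
# source address.  Nothing is applied; output is meant to be reviewed first.
SERVER_IP="192.0.2.10"   # constructed stand-in for $SERVER_EXTERNAL_IP
OFFSET=8000

# Reject anything that is not a dotted-quad IPv4 address before it lands in a rule
valid_ipv4() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# One rule: connections from $1 to port $2 are DNATed to port $2+OFFSET
dnat_rule() {
  valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 1; }
  printf 'iptables -t nat -A PREROUTING -p tcp -s %s -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
    "$1" "$SERVER_IP" "$2" "$SERVER_IP" $(($2 + OFFSET))
}

# Blacklist variant: one rule per (evil IP, port) pair, so it grows as IPs*ports
generate_rules() {
  for ip in $1; do
    for port in $2; do dnat_rule "$ip" "$port" || return 1; done
  done
}

# Whitelist variant: a chain per port; good IPs RETURN, everyone else is DNATed.
# Rule count is (good IPs + 3) per port instead of one per evil IP.
whitelist_rules() {
  port=$2; chain="REDIR_$port"
  echo "iptables -t nat -N $chain"
  echo "iptables -t nat -A PREROUTING -p tcp -d $SERVER_IP --dport $port -j $chain"
  for ip in $1; do
    valid_ipv4 "$ip" || return 1
    echo "iptables -t nat -A $chain -s $ip -j RETURN"
  done
  echo "iptables -t nat -A $chain -j DNAT --to-destination $SERVER_IP:$((port + OFFSET))"
}

# Usage: review the printed rules, then pipe them to sh as root
generate_rules "10.18.18.4 10.18.18.5" "22"
whitelist_rules "10.18.19.4" 22
```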
