[PLUG] IPtables internal port forwarding

Michael michael at jamhome.us
Thu May 7 18:28:30 UTC 2009


Michael wrote:
>
> m0gely wrote:
>> If you're using an up-to-date sshd, and employ good password practices,
>> what's the point of doing all this? Honest question.
>
> As the OP, here's the background story.

AND - I'm freshly dragged into this problem and suspect I'm not being given
all the needed information to understand our range of options.

>
> At work we manage several thousand switches and routers.
> We're replacing our management platform with a new one.
> There is an internal requirement to NEVER use clear text protocols.
>
> So to put a new IOS image on a Cisco device we use SCP.
>
> The new management app has two features:
>   it has the Cisco devices pull configs, images, everything
>   its default port for serving these resources is 8022
>
> Complicating factors:
>
> The Cisco devices cannot be configured to SCP to a different port than 22[1]
> We do normal management via ssh - aka port 22
>
> In order to not confuse the beejesus out of all the groups that currently ssh
> to boxes we are loath to move SSH to a non-standard port.
>
> Therefore:
>
> We want to have the incoming port 22 connection from switches and routers (we
> know the IPs involved) redirected to port 8022 to connect with the management
> app software.
>
>
> [1] If you know otherwise and how, please share.
>
> --
>      Michael Rasmussen
>    http://www.jamhome.us/
>  Be Appropriate && Follow Your Curiosity


-- 
     Michael Rasmussen
   http://www.jamhome.us/
 Be Appropriate && Follow Your Curiosity
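
The redirect described in the message above, sketched as an added example that is not part of the original post: only the known device addresses have their port 22 connections rewritten to 8022, so everyone else still reaches sshd on 22. The function names and the device addresses are assumptions (constructed samples from the documentation range), and the script only prints the iptables commands for review; it does not apply them.

```shell
#!/bin/sh
# Added example: print iptables commands that send TCP/22 from known
# switches/routers to the management app on TCP/8022 on the same host.
APP_PORT=8022   # port the management app serves on (from the post)
SSH_PORT=22     # port the Cisco devices always connect to (from the post)

# Hypothetical helper: succeed only for a dotted-quad IPv4 address with an
# optional /1-32 prefix. /0 is refused because it would redirect every client.
valid_ipv4() {
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Hypothetical helper: validate every address first, then print the rules.
# One bad entry aborts the run so a typo never yields a partial rule set.
gen_rules() {
    [ $# -gt 0 ] || { echo "usage: gen_rules ADDR[/PREFIX]..." >&2; return 2; }
    for dev in "$@"; do
        valid_ipv4 "$dev" || { echo "bad address: $dev" >&2; return 1; }
    done
    for dev in "$@"; do
        # nat/PREROUTING rewrites the destination port for this source only.
        echo "iptables -t nat -A PREROUTING -p tcp -s $dev --dport $SSH_PORT -j REDIRECT --to-ports $APP_PORT"
        # After REDIRECT the filter table sees dport 8022, so allow it per device.
        echo "iptables -A INPUT -p tcp -s $dev --dport $APP_PORT -j ACCEPT"
    done
    # Any other source gets no direct path to the app port.
    echo "iptables -A INPUT -p tcp --dport $APP_PORT -j DROP"
}

# Constructed sample input: one device and one device subnet.
gen_rules 192.0.2.10 192.0.2.64/26
```

A side effect of this design is that the listed devices can no longer reach the host's own sshd on port 22, since every port 22 connection from them lands on the management app.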
