[olug] Rule to open ssh

drose.SCANTRON at scantron.com drose.SCANTRON at scantron.com
Wed May 14 17:56:31 UTC 2003


Thanks for the replies.

Todd actually answered my question for me.

iptables -A INPUT -i eth0 -p tcp -m multiport --dport 22 -j ACCEPT

What I was looking for was a rule to open up ssh so I could login from
work.  As for the obscure port, all you have to do is edit sshd_conf and
replace PORT 22 with the port you want sshd to monitor.  I used this port
number in my rule, and it works splendidly.

Thanks for the help.

Daryl Rose
Scantron Service Group
Unix Support Specialist
drose at scantron.com
1-800-228-3628 x3061


Joe Catanzaro <joecatanzaro at cox.net>
Sent by: olug-bounces at olug.org
05/14/2003 11:12 AM
To: Omaha Linux User Group <olug at olug.org>
Subject: Re: [olug] Rule to open ssh
Please respond to Omaha Linux User Group

Daryl,

I'm not sure I understand your question. Do you want to do port forwarding
for SSH? If so, this should work. I have very similar rules on my RH 7.3
firewall for http and ftp. So, in theory, this should work. The only
problem that I've been having is that my INET_IP has to be hard coded into
the script. So, I have to change it when my IP address changes (Cox DHCP).
I haven't gotten around to scripting this part of my firewall
ruleset. Nevertheless, this code should work assuming you're running NAT,
etc. Be sure to put these towards the end of your firewall ruleset. It's
taking SSH requests coming in on port 22 on your firewall and forwarding
them to 10.0.0.5 port 8181. Obviously, change the port numbers to your
liking.

IPTABLES="/sbin/iptables"
INET_IFACE="eth0"
INET_IP="12.34.56.78"
SSHBOX="10.0.0.5"
LAN_IFACE="eth1"

# Rewrite the destination before routing: INET_IP:8181 -> SSHBOX:22
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p tcp -d $INET_IP \
  --dport 8181 -j DNAT --to $SSHBOX:22
# The FORWARD chain sees the packet after DNAT, so it must match the
# rewritten port (22), not the external port 8181
$IPTABLES -A FORWARD -i $INET_IFACE -o $LAN_IFACE -p tcp -d $SSHBOX \
  --dport 22 -j ACCEPT


Good luck,



At 5/14/03 10:57 AM Wednesday, drose.SCANTRON at scantron.com wrote:
>My firewall is a RH 7.3 machine using iptables.  I've never been good at
>figuring out the rules, so I use a script to setup my rules.  This works
>fine, but I want to open ssh, on an obscure port, so I can get in while at
>work.
>
>Can someone tell me how to configure the rule?
>
>Thanks.
>
>Daryl Rose
>Scantron Service Group
>Unix Support Specialist
>drose at scantron.com
>1-800-228-3628 x3061
>
>
>_______________________________________________
>OLUG mailing list
>OLUG at olug.org
>http://lists.olug.org/mailman/listinfo/olug


Joe Catanzaro
joecatanzaro at cox.net
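As an added example (my own code, not from Daryl's or Joe's posts), here is a small POSIX shell script that generates the DNAT and FORWARD rules Joe describes for reaching an internal SSH host on a non-standard external port, with the FORWARD rule matching the port as it looks after DNAT (22), an optional -s restriction to the address you log in from, and no hard-coded public address so nothing breaks when DHCP hands out a new one. The interface names, the external port 8181, 10.0.0.5 and 203.0.113.7 are placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread. Generates the DNAT + FORWARD rules
# for reaching an internal SSH host through the firewall on a non-standard
# external port. Interfaces, addresses and ports are placeholders.

IPTABLES="${IPTABLES:-/sbin/iptables}"

# is_port N: true when N is an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then return 0; else return 1; fi
}

# ssh_forward_rules INET_IFACE LAN_IFACE EXT_PORT SSHBOX [ALLOWED_SRC]
# Prints one iptables command per line. Matching on -i $INET_IFACE instead of
# -d $INET_IP means nothing has to change when the DHCP public address changes.
ssh_forward_rules() {
    inet_iface=$1; lan_iface=$2; ext_port=$3; sshbox=$4; src=${5:-}
    is_port "$ext_port" || { echo "bad external port: $ext_port" >&2; return 1; }
    src_match=""
    # Optional: only accept connections from the address you log in from
    if [ -n "$src" ]; then src_match=" -s $src"; fi
    # 1. Rewrite the destination before routing: firewall:EXT_PORT -> SSHBOX:22
    echo "$IPTABLES -t nat -A PREROUTING -i $inet_iface$src_match -p tcp --dport $ext_port -j DNAT --to-destination $sshbox:22"
    # 2. FORWARD sees the packet after DNAT, so match port 22, not EXT_PORT
    echo "$IPTABLES -A FORWARD -i $inet_iface -o $lan_iface$src_match -p tcp -d $sshbox --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT"
    # 3. Let the SSH server's replies back out to the client
    echo "$IPTABLES -A FORWARD -i $lan_iface -o $inet_iface -p tcp -s $sshbox --sport 22 -m state --state ESTABLISHED -j ACCEPT"
}

# Run directly: print the rules (default) or apply them with APPLY=1
if [ "${APPLY:-0}" = 1 ]; then
    ssh_forward_rules eth0 eth1 8181 10.0.0.5 | sh -e
else
    ssh_forward_rules eth0 eth1 8181 10.0.0.5 203.0.113.7
fi
```

Run it once without APPLY to review the generated commands, then with APPLY=1 as root to load them; the generated rules still need to sit before any catch-all DROP in your FORWARD chain.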
