#1 (Just Joined!, Join Date: Jan 2010, Posts: 2)

    iptables to hide a port


    hello all!

    I am running a VoIP server on port 5060. I want to hide this from all the robots scanning the net permanently - I know this is not enough security - it is just to prevent them from wasting my bandwidth testing all usernames until fail2ban stops them!

    I'd like to have port 5060 accepting requests only from 'trusted' hosts, while others (clients with dynamic IPs) use port 5065 - thus, port 5060 will only appear open for some trusted partners and the bots will skip to something else.

    I have set up the iptables rules successfully to accept only trusted hosts.

    -A RH-Firewall-1-INPUT -s 93.x.y.z -p udp -m state --state NEW -m udp --dport 5060 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 5060 -j DROP

    I've added a PREROUTING NAT rule that changes the port from 5065 to 5060 for others - but then, this gets caught in the INPUT rule as port 5060.
    -A PREROUTING -p udp -m udp --dport 5065 -j DNAT --to-destination 192.168.1.1:5060

    This works so well that the packets coming on port 5065 are translated to port 5060 and get caught in the DROP rule...


    Any suggestions as to how I could achieve this?

    many thanks

    j.

#2 (Just Joined!, Join Date: Jan 2010, Posts: 2)

    solved...

    ok... I was struggling because I was editing the tables "live", and some packets were going through the RELATED rule... editing the config file and restarting the service helped a lot...

    what did I do...

    1/ create a mangle / prerouting rule that sets a mark to 0x1 for all packets on port 5065 (my hidden public port)

    2/ create a nat / prerouting rule to redirect traffic received on *:5070 to myhost:5060

    3/ add filter rules:
    - accept from known, explicitly defined host on port 5060
    - accept packets with mark 0x1
    - drop the rest

    and this works great... so the robots won't find me easily!
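The three steps from post #2, written out as an added example (not the poster's own rules) that generates a complete iptables-restore ruleset. The trusted peer address 93.0.2.1 is a placeholder standing in for the thread's 93.x.y.z, and the chain name RH-Firewall-1-INPUT and the server address 192.168.1.1 are taken from the thread; the mangle mark is set before nat rewrites the port, so the filter chain can still tell "came in on 5065" apart from "probed 5060 directly".

```shell
#!/bin/sh
# Added example, not from the original thread. Generates the ruleset described
# in post #2; apply with: gen_sip_rules | iptables-restore (as root).
TRUSTED_IP="${TRUSTED_IP:-93.0.2.1}"   # placeholder for the poster's 93.x.y.z
SIP_HOST="${SIP_HOST:-192.168.1.1}"    # SIP server address, as in the thread
PUBLIC_PORT=5065                       # "hidden" port used by dynamic-IP clients
SIP_PORT=5060                          # real SIP port
MARK=0x1

gen_sip_rules() {
  cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
# step 1: mark packets arriving on the hidden port; mangle runs before nat
-A PREROUTING -p udp -m udp --dport ${PUBLIC_PORT} -j MARK --set-mark ${MARK}
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
# step 2: rewrite the hidden port to the real SIP port on the server
-A PREROUTING -p udp -m udp --dport ${PUBLIC_PORT} -j DNAT --to-destination ${SIP_HOST}:${SIP_PORT}
COMMIT
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# step 3a: the explicitly trusted peer may use the real port directly
-A RH-Firewall-1-INPUT -s ${TRUSTED_IP} -p udp -m state --state NEW -m udp --dport ${SIP_PORT} -j ACCEPT
# step 3b: the mark survives DNAT, so marked packets came in on the hidden port
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport ${SIP_PORT} -m mark --mark ${MARK} -j ACCEPT
# step 3c: everyone else probing the real port is silently dropped
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport ${SIP_PORT} -j DROP
COMMIT
EOF
}

# Sanity check that needs no root: the mark ACCEPT must precede the 5060 DROP,
# because iptables evaluates rules in order and stops at the first match.
check_order() {
  gen_sip_rules | awk '/--mark/ && /ACCEPT/ {m=NR}
                       /--dport 5060 -j DROP/ {d=NR}
                       END {exit !(m && d && m < d)}'
}
```

Run `gen_sip_rules` to inspect the output before loading it, since a restore replaces the tables named in the file wholesale.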
