iptables forwarding a specific SSH connection
Is anyone able to help me with the iptables syntax to achieve the following results?
Ok, here we go... I have a server that only accepts SSH connections on the default port, i.e. 22. I want to be able to forward *some* of the SSH connections to a remote server; this remote server is not on the same network, it's an external box on the internet.
I have searched around for a solution and this is the best I can come up with...
iptables -A FORWARD -p tcp -i eth0 -o eth0 -d 188.8.131.52 --dport 22 -m state --state NEW -j ACCEPT
My problem with the above command is that it will forward all connections on port 22 to 184.108.40.206 (the external server), whereas I only want to forward specific IP addresses and/or subnets.
Is there a way of specifying the source IP (220.127.116.11) of the connection? Will my example below work?
e.g. iptables -A FORWARD -s 18.104.22.168 -p tcp -i eth0 -o eth0 -d 22.214.171.124 --dport 22 -m state --state NEW -j ACCEPT
Forward some ssh connection to a remote server
One solution could be, like this:
Source (you) = 126.96.36.199
Public IP (firewall) = 193.x.x.x
Destination 1 = 188.8.131.52
Destination 2 = 184.108.40.206
iptables -t nat -A PREROUTING -p tcp -s 220.127.116.11 -d 193.x.x.x --dport 22 -j DNAT --to-destination 18.104.22.168:22
iptables -t nat -A PREROUTING -p tcp -d 193.x.x.x --dport 22 -j DNAT --to-destination 22.214.171.124:22
The first rule routes you to destination 1.
The second rule routes everyone else to destination 2.
Hope this helps.
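The following script is an added example and is not code from the thread or its posters. It generates the full set of rules that the DNAT approach above needs in practice: the source-specific PREROUTING rule placed before the catch-all (PREROUTING is first-match, so order decides who goes where), FORWARD rules that actually let the redirected traffic through, and POSTROUTING SNAT so that the external destination answers back through the firewall rather than replying straight to the client, which would break the TCP session. The interface name eth0 and the four addresses are assumptions passed in as arguments; the addresses used in the usage line are constructed documentation-range values. The rules are printed, not executed, unless apply_ssh_forward_rules is called as root.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: the firewall's public interface is eth0, and the privileged
# source, the firewall's public IP and the two destinations are given as
# arguments. "-m conntrack --ctstate" is the current form of the
# "-m state --state" match used in the thread.

# build_ssh_forward_rules SRC PUBLIC_IP DST1 DST2
# Prints one iptables command per line; nothing is executed.
build_ssh_forward_rules() {
    src="$1"; pub="$2"; dst1="$3"; dst2="$4"
    # Order matters: PREROUTING is first-match, so the source-specific DNAT
    # rule must come before the catch-all.
    printf '%s\n' \
      "iptables -t nat -A PREROUTING -i eth0 -p tcp -s $src -d $pub --dport 22 -j DNAT --to-destination $dst1:22" \
      "iptables -t nat -A PREROUTING -i eth0 -p tcp -d $pub --dport 22 -j DNAT --to-destination $dst2:22" \
      "iptables -A FORWARD -i eth0 -o eth0 -p tcp -d $dst1 --dport 22 -m conntrack --ctstate NEW -j ACCEPT" \
      "iptables -A FORWARD -i eth0 -o eth0 -p tcp -d $dst2 --dport 22 -m conntrack --ctstate NEW -j ACCEPT" \
      "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
      "iptables -t nat -A POSTROUTING -o eth0 -p tcp -d $dst1 --dport 22 -j SNAT --to-source $pub" \
      "iptables -t nat -A POSTROUTING -o eth0 -p tcp -d $dst2 --dport 22 -j SNAT --to-source $pub"
}

# rule_count SRC PUBLIC_IP DST1 DST2
# Number of generated commands, handy as a sanity check before applying.
rule_count() {
    build_ssh_forward_rules "$@" | wc -l | tr -d ' '
}

# apply_ssh_forward_rules SRC PUBLIC_IP DST1 DST2
# Enables IPv4 forwarding and runs the generated commands (requires root).
apply_ssh_forward_rules() {
    sysctl -w net.ipv4.ip_forward=1
    build_ssh_forward_rules "$@" | while IFS= read -r cmd; do
        echo "+ $cmd"
        eval "$cmd"
    done
}

# Dry run with constructed addresses:
# build_ssh_forward_rules 192.0.2.5 198.51.100.1 203.0.113.10 203.0.113.20
```

Two things to keep in mind when using this: because of the POSTROUTING SNAT, sshd on the external destinations will log the firewall's public IP as the client address, so the firewall's own connection tracking (or logging of the DNAT rules) is the only place the real source is recorded; and the FORWARD accepts only make sense with a default FORWARD policy of DROP, otherwise the chain is already letting everything through.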