iptables forwarding a specific SSH connection
Is anyone able to help me with the iptables syntax to achieve the following results?
OK, here we go... I have a server that only accepts SSH connections on the default port, i.e. 22. I want to be able to forward *some* of the SSH connections to a remote server; this remote server is not on the same network, it's an external box on the internet.
I have searched around for a solution and this is the best I can come up with...
iptables -A FORWARD -p tcp -i eth0 -o eth0 -d 220.127.116.11 --dport 22 -m state --state NEW -j ACCEPT
My problem with the above command is that it will forward all connections on port 22 to 18.104.22.168 (the external server), whereas I only want to forward specific IP addresses and/or subnets.
Is there a way of specifying the source IP (22.214.171.124) of the connection? Will my example below work?
e.g. iptables -A FORWARD -s 126.96.36.199 -p tcp -i eth0 -o eth0 -d 188.8.131.52 --dport 22 -m state --state NEW -j ACCEPT
Forward some SSH connections to a remote server
One solution could be like this:
Source (you) = 184.108.40.206
Public IP (firewall) = 193.x.x.x
Destination 1 = 220.127.116.11
Destination 2 = 18.104.22.168
iptables -t nat -A PREROUTING -p TCP -s 22.214.171.124 -d 193.x.x.x --dport 22 -j DNAT --to-destination 126.96.36.199:22
iptables -t nat -A PREROUTING -p tcp -d 193.x.x.x --dport 22 -j DNAT --to-destination 188.8.131.52:22
The first rule routes you to destination 1.
The second rule routes everyone else to destination 2.
Hope this helps.
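Putting the answer's approach together as an added example (not code from either poster): a dry-run script that prints the full rule set, assuming eth0 as the internet-facing interface (from the question) and constructed placeholder addresses from the documentation ranges in place of the real ones. It goes beyond the answer by adding the FORWARD-chain accepts, IP forwarding, and an SNAT rule on the way out, which an external destination needs so that its replies come back through the firewall instead of going straight to the client.

```shell
#!/bin/sh
# Added example, not either poster's code. Prints the iptables commands that
# send SSH from one source to destination 1 and everyone else to destination 2.
# Addresses below are constructed placeholders (RFC 5737 documentation ranges).
WAN_IF=eth0                 # interface facing the internet (from the question)
PUBLIC_IP=203.0.113.10      # this firewall's public address
ALLOWED_SRC=198.51.100.7    # the one client that should land on destination 1
DEST1=192.0.2.21            # remote SSH server for ALLOWED_SRC
DEST2=192.0.2.22            # remote SSH server for everyone else

ssh_forward_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -s $ALLOWED_SRC -d $PUBLIC_IP --dport 22 -j DNAT --to-destination $DEST1:22
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -d $PUBLIC_IP --dport 22 -j DNAT --to-destination $DEST2:22
iptables -A FORWARD -i $WAN_IF -o $WAN_IF -p tcp -d $DEST1 --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $WAN_IF -p tcp -d $DEST2 --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -p tcp -d $DEST1 --dport 22 -j SNAT --to-source $PUBLIC_IP
iptables -t nat -A POSTROUTING -o $WAN_IF -p tcp -d $DEST2 --dport 22 -j SNAT --to-source $PUBLIC_IP
EOF
}

# iptables takes the first matching rule, so the source-specific DNAT must be
# appended before the catch-all; this returns 0 only when that order holds.
check_rule_order() {
  ssh_forward_rules | grep 'DNAT' | sed -n '1p' | grep -q -- "-s $ALLOWED_SRC"
}

case "${1:-}" in
  apply) ssh_forward_rules | sh -e ;;   # load the rules (run as root on the firewall)
  *)     ssh_forward_rules ;;           # default: dry run, just print them
esac
```

With the catch-all second DNAT rule in place, port 22 on the firewall's public address no longer reaches the firewall's own sshd from outside; drop or narrow that rule if the firewall must stay reachable on 22.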