Port-forwarding question and marking

From: Philip Prindeville
Date: Wed Jun 04 2008 - 21:41:14 EST


I have a Linux 2.6.20 box running Astlinux, with Arno's firewall installed on it.

It has a public interface (eth0) with a routable address... and a private interface (br1) with 192.168.1.1/24.

What I'm trying to do is this.

If an SSH connection comes in on port 22 on the public interface, then block it.

If an SSH connection comes in on port P (the port that we relocate our SSH service to on the public side) on the public interface, then port forward it to port 22 and accept it (either port-forward it to br1's address and port 22, or else to eth0's address and port 22).

If it comes in on our private interface on port 22, accept it.

This doesn't seem to work using Arno's ip firewall 1.8.8n.

Can I use marking to block an "unmarked" packet that arrived on port 22, but mark a packet that has been port-forwarded to port 22 and accept marked packets?

Or am I making this more complicated than it needs to be?

Thanks,

-Philip
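The marking approach asked about above does work in plain netfilter terms, because a mark set in mangle PREROUTING survives the DNAT rewrite in nat PREROUTING and is still visible when the packet reaches filter INPUT. The script below is an added example, not code from the original post and not Arno's firewall syntax: it emits an iptables-restore ruleset for the three cases (drop bare port 22 on the public side, DNAT the relocated port to 22 and accept only those marked packets, accept port 22 on the private side) and includes a small check that the ACCEPT for marked packets precedes the unconditional DROP, since rule order is what makes this work. The relocated port is shown as 2222 and the mark value 0x1 is arbitrary; both are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset that hides sshd behind a
# relocated public port.  Not Arno's firewall configuration; these are raw
# netfilter rules for illustration.
#   $1 public interface (eth0)   $2 private interface (br1)
#   $3 relocated public port (P, shown here as 2222, a constructed value)
#   $4 address to DNAT to (br1's 192.168.1.1 in the post)
gen_ssh_rules() {
    pub="$1"; priv="$2"; port="$3"; target="$4"
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
# mangle PREROUTING runs before nat PREROUTING, so the original dport is
# still visible here; the mark (0x1, arbitrary) stays on the skb into INPUT.
-A PREROUTING -i $pub -p tcp --dport $port -j MARK --set-mark 0x1
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
# Rewrite the relocated port to 22 on the private address; the packet is
# then routed locally and delivered via filter INPUT.
-A PREROUTING -i $pub -p tcp --dport $port -j DNAT --to-destination $target:22
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Private side: plain port 22 is fine.
-A INPUT -i $priv -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Public side: only port-22 packets that carry the mark (i.e. were DNATed
# from the relocated port) are accepted; anything else on 22 is dropped.
-A INPUT -i $pub -p tcp --dport 22 -m mark --mark 0x1 -j ACCEPT
-A INPUT -i $pub -p tcp --dport 22 -j DROP
COMMIT
EOF
}

# Sanity check on a generated ruleset: the marked ACCEPT must come before the
# unconditional DROP for port 22, otherwise forwarded connections die too.
# Returns 0 when the order is correct.
check_order() {
    rules="$1"
    accept_line=$(printf '%s\n' "$rules" | grep -nF -e '-m mark --mark 0x1 -j ACCEPT' | cut -d: -f1)
    drop_line=$(printf '%s\n' "$rules" | grep -nF -e '--dport 22 -j DROP' | cut -d: -f1)
    [ -n "$accept_line" ] && [ -n "$drop_line" ] && [ "$accept_line" -lt "$drop_line" ]
}

# Stand-alone use: print the ruleset (feed to iptables-restore after review).
gen_ssh_rules "${1:-eth0}" "${2:-br1}" "${3:-2222}" "${4:-192.168.1.1}"
```

A simpler variant that needs no mangle table at all is to replace the `-m mark --mark 0x1` match with `-m conntrack --ctstate DNAT`, which matches exactly the packets whose connection was rewritten by the DNAT rule. Either way, when running under Arno's firewall the rules have to be added through its own custom-rule mechanism rather than loaded directly, or the next firewall restart will discard them.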


--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html