
iptables port forwarding

# 1  
iptables port forwarding

Hello All,
I would like to ask you very kindly for help with my /etc/sysconfig/iptables file.

I have to set up port forwarding on a RHEL6 router. Users from the public network must be able to ssh to servers in the private network behind the RHEL6 router. The problem is that the servers in the private network must be isolated.

My boss requires that there will not be any possibility of a connection from the private network to any remote network behind the RHEL6 router.

I am not able to DROP any traffic coming from the private network.

I did set up port forwarding on the router from the public network to the private network easily, but I am not able to force the router to drop any traffic coming from the private network to the outside unless I break port forwarding.

Here is an example of my /etc/sysconfig/iptables file. Please help with a line which would drop all outgoing traffic from the private network but keep port forwarding working.

cat /etc/sysconfig/iptables
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
-A INPUT -p all -j DROP
-A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination

BTW: ssh on the router is running on port 2222.

Moderator's Comments: Please use CODE tags as required by forum rules!

Last edited by RudiC; 04-04-2018 at 10:38 AM.. Reason: Added CODE tags.
# 2  
Without delving into configuration...

If you allow access from the outside network to the private network via the ssh protocol, there is little you can do to stop tunneling around it.

This might sound strange, but have you considered not giving ssh access?
Think about what you are doing and whether it can be done on a higher layer (HTTPS, FTPS) to expose one port and the application behind it, not ssh and a shell.

# 3  
Hello Peasant,

Thank you very much for your answer.

I have no room for thinking about what I am doing. This is a direct order from my manager which I have to deliver. There is no room to ask questions etc.

I would like to ask you very kindly for a line which I can stick into the /etc/sysconfig/iptables file so port forwarding will keep working but servers in the private network will not be able to reach any other network.

Concerns about ssh tunneling etc. are not my concern - I have to deliver only this isolated task.

Please help.
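A complete /etc/sysconfig/iptables (iptables-save format) that does what posts #1 and #3 ask for, written as an added example rather than a configuration from this thread: the public :22 is DNATed to one private host, the router's own sshd stays on 2222, and the FORWARD chain lets the private side send only replies to already established sessions, so no new connections can originate there. eth0 (public), eth1 (private) and 192.168.100.10 are assumed placeholders; as the second reply points out, this blocks new outbound connections but cannot inspect traffic tunnelled inside the permitted inbound ssh session.

```shell
#!/bin/sh
# Generates /etc/sysconfig/iptables for the RHEL6 router described above.
# Placeholder values (assumed, not from the thread): edit before use.
WAN_IF="eth0"               # interface facing the public network
LAN_IF="eth1"               # interface facing the isolated private network
SSH_HOST="192.168.100.10"   # private server that public users may ssh to

gen_iptables_config() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Public :22 goes to the private host; the router's own sshd is on 2222
-A PREROUTING -i $WAN_IF -p tcp --dport 22 -j DNAT --to-destination $SSH_HOST:22
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
# Only the DNATed ssh session may enter the private network (post-DNAT address)
-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $SSH_HOST --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# The private side may only answer existing sessions; NEW from there is dropped
-A FORWARD -i $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -j DROP
COMMIT
EOF
}

# As root: gen_iptables_config > /etc/sysconfig/iptables && service iptables restart
```

Forwarding also needs net.ipv4.ip_forward = 1 in /etc/sysctl.conf; the explicit `-i eth1 -j DROP` rule is redundant with the DROP policy but makes the isolation requirement visible in the rule counters.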