Ping a Specific Port

Question

theduke

Asked: 2012-01-28 08:45:24 +0800 CST2012-01-28 08:45:24 +0800 CST 2012-01-28 08:45:24 +0800 CST

IPTables - Change Port of outgoing and incoming packets

772

Is it possible to configure IPTables in a way that all outgoing packets to a certain IP and Port are altered with a different port and do the same for incoming packets?

I have to work with a server routinely and the Hoster decided that SSH access will only be possible on port 222 instead of the default 22.

This always causes a headache when ssh, scp or rsyncing. You always have to remember to add the port parameter.

I would like to circumvent this with IPTables.

Any help greatly appreciated.

2 Answers

Voted

Zoredache · Answer 1 · 2012-01-28T10:48:18+08:00

Best Answer

Zoredache

2012-01-28T10:48:18+08:002012-01-28T10:48:18+08:00

Yes it should certainly be possible to setup iptable rules to NAT outgoing traffic. You really should only need to create a rule that deals with the output traffic. You shouldn't need a rule to do anything to the returning packets. The state-ful nature of netfilter will deal with this for you.

You would probably need to use a rule like one of these.

# if you want to redirect requests from the local machine
iptables -t nat -A OUTPUT--destination remote.host.ip \
         -p tcp  --dport 22 -j DNAT --to-destination remote.host.ip:222

# if you want to redirect requests on a device inline
iptables -t nat -A PREROUTING --destination remote.host.ip \
         -p tcp  --dport 22 -j DNAT --to-destination remote.host.ip:222

Another simple solution would be to simply setup an SSH configuration file for the server and specify the port in your config.

# list of all names, you might commonly use for this host.
Host foo foo.example.org foo.example 
    # real hostname
    Hostname real.example.org
    Port 222

8

Eric · Answer 2 · 2012-01-28T09:15:42+08:00

Eric

2012-01-28T09:15:42+08:002012-01-28T09:15:42+08:00

I would recommend reading this link. If you do decide to do this, I would also highly recommend using the following security steps for SSH and a public facing IP.

Don't allow root logons.
Only allow this port to be open from certain IPs.
Have key based authentication.
Use tools such as denyhosts to block any type of brute force attempts.

0

IPTables - Change Port of outgoing and incoming packets

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?