I'm working on a local git project and I'm running a separate SSH service on port 2222 with a non-root user. Along with that I'm using the ufw firewall and opened port 2222 - I opened it just for testing whether connecting to it works as expected, and it's OK. Because the default port for SSH is 22 and I wouldn't like users to have to write an additional port in the address to access the repositories, I want to preroute it from 22 to 2222. I also want port 2222 not to be accessible from outside when the prerouting is in effect.

Basically I have already done the first part - I prerouted traffic from 22 to 2222 and it works without a problem if port 2222 is also opened, but when I try to close port 2222, the connection to 22 also stops working (the rule for the opened port is still there). This is somehow logical, since iptables seems to just convert port 22 to 2222 and forward it to ufw, which then recognizes this and denies the connection because port 2222 is not opened. Currently this is what I have in ufw's before.rules, and it works if port 2222 is also opened:
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite inbound TCP port 22 to the SSH service listening on 2222
-A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
COMMIT
Is there a way to do this prerouting without a need to have port 2222 opened?
0 Answers
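One way to get the behaviour the question asks for, as an added example that is not part of the original post: keep the REDIRECT in the nat section and, in the filter section of the same file, accept new connections on 2222 only when conntrack recorded the client's original destination port as 22. The file path /etc/ufw/before.rules and the chain name ufw-before-input are the standard ones ufw ships; the rule is assumed to be added above that section's existing COMMIT.

```iptables
# /etc/ufw/before.rules - only the lines relevant to the redirect are shown

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite inbound TCP/22 to the SSH daemon on 2222. This happens before
# the filter table sees the packet, so ufw's INPUT rules only ever see 2222.
-A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
COMMIT

*filter
# (ufw's own chain declarations and rules in this section stay as they are)

# Accept a NEW connection to 2222 only if the conntrack entry says the
# client originally dialled port 22, i.e. the packet came through the
# REDIRECT above. A client that connects to 2222 directly has an original
# destination port of 2222, does not match here, and falls through to
# ufw's normal policy, which denies it once "ufw allow 2222/tcp" is removed.
# Reply and established traffic is already accepted by ufw's existing
# RELATED,ESTABLISHED rule in this chain.
-A ufw-before-input -p tcp --dport 2222 -m conntrack --ctstate NEW --ctproto tcp --ctorigdstport 22 -j ACCEPT

COMMIT
```

After saving, delete the test rule with `ufw delete allow 2222/tcp` and run `ufw reload`; a connection to port 22 should then succeed while a direct connection to 2222 is dropped, which you can confirm by watching the packet counters with `iptables -L ufw-before-input -v -n`.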