problems with iptables redirect of ssh
Ruben Laban
r.laban at ism.nl
Mon Jan 28 15:06:31 UTC 2008
On Monday 28 January 2008, Luca Ferrari wrote:
> after a while I ended up with the following iptables configuration:
>
> luca@backup$ iptables-save
>
> :PREROUTING ACCEPT [33878969:5627323255]
> :POSTROUTING ACCEPT [689881:100132957]
> :OUTPUT ACCEPT [8099059:546320333]
>
> -A PREROUTING -p tcp -m tcp --dport 2222 -j REDIRECT --to-ports 22
> COMMIT
>
> that is obtained from the following:
>
> $IPTABLES -F OUTPUT
> $IPTABLES -F INPUT
> $IPTABLES -F FORWARD
> $IPTABLES -t nat -F PREROUTING
> $IPTABLES -t nat -F POSTROUTING
> $IPTABLES -P INPUT ACCEPT
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -P FORWARD ACCEPT
> $IPTABLES -t nat -I PREROUTING -p tcp --dport 2222 -j REDIRECT --to-ports 22
>
> Now, what I'd like to obtain is to forward the connection to the 2222 port
> to the 22, but when I try to connect I get:
>
> telnet localhost 2222
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
>
> This seems strange to me, since the default policy should be ACCEPT and the
> connection should be redirected to the ssh port (which is working; I can
> connect to it). Any idea on that? I'm using Ubuntu 7.1.
Hi Luca,
It most likely works, just not to/from localhost. The PREROUTING chain is
*not* used for such local traffic. If you test from another box in your
LAN, it will most likely show you the desired results.
HTH.
Regards,
--
Ruben
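As an added check (not code from the thread), the following Python parses iptables-save output like Luca's and reports which chains carry the REDIRECT for a port: packets arriving from another host traverse nat PREROUTING, while locally generated packets (a test against 127.0.0.1) traverse nat OUTPUT instead, which is why a localhost test is refused. The sample text is constructed from the quoted output with the `*nat` table header added; the chain names and `check_redirect`/`redirect_rules` helpers are mine.

```python
import re

# Constructed sample, modelled on the iptables-save output quoted in the thread
# (the *nat table header is added so the parser sees a complete table).
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [33878969:5627323255]
:POSTROUTING ACCEPT [689881:100132957]
:OUTPUT ACCEPT [8099059:546320333]
-A PREROUTING -p tcp -m tcp --dport 2222 -j REDIRECT --to-ports 22
COMMIT
"""

# Matches an append rule of the form: -A <chain> ... --dport <n> ... -j REDIRECT --to-ports <m>
RULE_RE = re.compile(r"^-A (\S+) .*--dport (\d+) .*-j REDIRECT --to-ports (\d+)")


def redirect_rules(iptables_save_text):
    """Return {(chain, dport): to_port} for REDIRECT rules found in the nat table."""
    found = {}
    table = None
    for line in iptables_save_text.splitlines():
        if line.startswith("*"):          # table header, e.g. "*nat" or "*filter"
            table = line[1:].strip()
            continue
        if table != "nat":
            continue
        m = RULE_RE.match(line)
        if m:
            found[(m.group(1), int(m.group(2)))] = int(m.group(3))
    return found


def check_redirect(iptables_save_text, dport):
    """Report which traffic a REDIRECT of dport will actually catch.

    PREROUTING only sees packets that arrive on an interface from another host;
    locally generated packets traverse the nat OUTPUT chain, never PREROUTING.
    """
    rules = redirect_rules(iptables_save_text)
    return {
        "remote": ("PREROUTING", dport) in rules,
        "local": ("OUTPUT", dport) in rules,
    }


if __name__ == "__main__":
    result = check_redirect(SAMPLE_RULES, 2222)
    print(result)  # {'remote': True, 'local': False}
    if result["remote"] and not result["local"]:
        print("REDIRECT works for LAN clients, but a localhost test will be refused;")
        print("an equivalent rule in the nat OUTPUT chain is needed to cover local tests.")
```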