IPTables: allow one IP to reach port 22 and redirect port 22 to 555

My SSH server is listening on port 555. I need to allow one IP to connect to port 22 and then have IPTables redirect that connection to 555 (the reason is that the software connecting to port 22 can only connect to port 22).

My current IPTables rules are as follows:

 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination         
 ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
 ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps 
 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps 
 ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
 ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps 
 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps 
 ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
 ACCEPT     icmp --  anywhere             anywhere            
 ACCEPT     all  --  anywhere             anywhere            
 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ms-wbt-server 
 ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp multiport dports 5901:5903,6001:6003 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:telnet 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:telnet 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:sunrpc 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:ircu-2 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:ircu-3 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:ircu-4 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:ircu-5 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:telnet 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:ms-wbt-server 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:5666 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:5903 

 Chain FORWARD (policy ACCEPT)
 target     prot opt source               destination         
 ACCEPT     all  --  anywhere             192.168.100.0/24    
 ACCEPT     all  --  192.168.100.0/24     anywhere            
 ACCEPT     all  --  anywhere             anywhere            
 REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
 REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
 ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED 
 ACCEPT     all  --  192.168.122.0/24     anywhere            
 ACCEPT     all  --  anywhere             anywhere            
 REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
 REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
 TCPMSS     tcp  --  172.16.36.0/24       anywhere            tcp flags:FIN,SYN,RST,ACK/SYN TCPMSS set 1356 

 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination   

Am I right that the following rules would satisfy my requirement? (Assume 192.168.8.8 is the IP I want to allow to connect to 22.)

 iptables -A INPUT -s 192.168.8.8 -p tcp -m tcp --dport 22 -j ACCEPT
 iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 678

Any help is greatly appreciated. Thanks!

Answer 1

If you want it redirected to port 555, you should use

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 555

instead of

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 678

Other than that, your rules are correct.

Also, with your current configuration you don't need the INPUT rule, because you are not currently blocking connections to port 22 (your INPUT policy is set to ACCEPT).
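As an added example (not part of the question or the answer), the script below prints the two rules with the source restriction applied in the nat PREROUTING rule as well, and audits an `iptables -t nat -S PREROUTING` listing for REDIRECT rules that are open to every source. It assumes the interface eth0, the allowed host 192.168.8.8 and the sshd port 555 from the question.

```shell
#!/bin/sh
# Added example, not from the original question or answer. Assumptions (all taken from
# the page): allowed host 192.168.8.8, inbound interface eth0, sshd listening on 555.

ALLOWED_IP="${ALLOWED_IP:-192.168.8.8}"
IFACE="${IFACE:-eth0}"
SSH_PORT="${SSH_PORT:-555}"

# Print the rules instead of applying them; run the printed lines as root to apply.
ssh_redirect_rules() {
    # nat/PREROUTING is evaluated before filter/INPUT, so the source restriction
    # belongs here too: without -s, every host that reaches port 22 lands on sshd.
    printf 'iptables -t nat -A PREROUTING -i %s -s %s -p tcp --dport 22 -j REDIRECT --to-ports %s\n' \
        "$IFACE" "$ALLOWED_IP" "$SSH_PORT"
    # When filter/INPUT sees the packet its destination port is already 555, so an
    # INPUT rule has to match the real port, not 22. With the INPUT policy at ACCEPT
    # it changes nothing; it becomes the allow rule once the policy is set to DROP.
    printf 'iptables -A INPUT -i %s -s %s -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
        "$IFACE" "$ALLOWED_IP" "$SSH_PORT"
}

# Audit: read `iptables -t nat -S PREROUTING` output on stdin and print every REDIRECT
# rule that carries no -s restriction. Exit status 1 if any was found, else 0.
audit_open_redirects() {
    awk '/-j REDIRECT/ && !/ -s /{ print "unrestricted: " $0; bad = 1 } END { exit bad + 0 }'
}

# Constructed sample listing (not captured from a real host): the first REDIRECT rule
# is the unrestricted form from the question, the second is the restricted one.
SAMPLE_NAT_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 555
-A PREROUTING -i eth0 -s 192.168.8.8/32 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 555'

# Run the audit over the sample; returns the audit's exit status.
audit_sample() {
    printf '%s\n' "$SAMPLE_NAT_RULES" | audit_open_redirects
}

# Demo: print the rules, then audit the sample (expected to flag the first rule).
ssh_redirect_rules
audit_sample || echo "audit: unrestricted REDIRECT rule(s) present"
```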