IPTables 允许一个 IP 访问 22 端口,并将 22 端口重定向到 555

tag-icon tag-icon iptables
IPTables 允许一个 IP 访问 22 端口,并将 22 端口重定向到 555

我的 SSH 服务器正在监听端口 555。我需要允许一个 IP 连接到端口 22,然后让 IPTables 将此连接重定向到 555(这是因为连接到端口 22 的软件只能连接到端口 22)。

我当前的IPTables规则如下:

 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination         
 ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
 ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps 
 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps 
 ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
 ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps 
 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps 
 ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
 ACCEPT     icmp --  anywhere             anywhere            
 ACCEPT     all  --  anywhere             anywhere            
 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ms-wbt-server 
 ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp multiport dports 5901:5903,6001:6003 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:telnet 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:telnet 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:sunrpc 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:ircu-2 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:ircu-3 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:ircu-4 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:ircu-5 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:telnet 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:ms-wbt-server 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:5666 
 DROP       tcp  --  anywhere             anywhere            tcp dpt:5903 

 Chain FORWARD (policy ACCEPT)
 target     prot opt source               destination         
 ACCEPT     all  --  anywhere             192.168.100.0/24    
 ACCEPT     all  --  192.168.100.0/24     anywhere            
 ACCEPT     all  --  anywhere             anywhere            
 REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
 REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
 ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED 
 ACCEPT     all  --  192.168.122.0/24     anywhere            
 ACCEPT     all  --  anywhere             anywhere            
 REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
 REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
 TCPMSS     tcp  --  172.16.36.0/24       anywhere            tcp flags:FIN,SYN,RST,ACK/SYN TCPMSS set 1356 

 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination

我说的以下规则会满足我的要求,对吗?(假设 192.168.8.8 是我想要连接到 22 的 IP)。

 iptables -A INPUT -s 192.168.8.8 -p tcp -m tcp --dport 22 -j ACCEPT
 iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 678

任何帮助都非常感谢。谢谢!

答案1

如果你希望它重定向到端口 555,你应该使用

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 555

代替

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 678

除此之外,您的规则是正确的。

此外,根据您当前的配置,您不需要该INPUT规则,因为您当前没有阻止与端口 22 的连接(您的INPUT策略设置为ACCEPT)。

相关内容