iptables
chief, 2019-09-01 23:38:52

How to forward SSH to a non-standard port on OpenWRT using iptables?

I have the following construction in Custom Rules to protect SSH from brute force:

#######SSH
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --name BLOCK --rcheck --seconds 600 -j DROP
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-name BLOCK --hashlimit-mode srcip --hashlimit-above 2/m --hashlimit-burst 2 -m recent --name BLOCK --set -j DROP
iptables -A INPUT -p tcp --syn --dport 22 -j ACCEPT

I want to put it on a non-standard port (for example, 2222).
But when I add the rule
iptables -t nat -A zone_wan_prerouting -p tcp --dport 2222 -j DNAT --to-destination 192.168.1.1:22

then the blocking rule does not work.
Help :)

krosh, 2019-09-02
@krosh

If 192.168.1.1 is another host, change INPUT to FORWARD. Anything not destined for the local host is filtered in the FORWARD chain.
If 192.168.1.1 is the same machine, then change --dport 22 to --dport 2222 in the INPUT chain. But in that case it is unclear why use iptables at all, when the port can simply be changed in the settings.
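As an added example (not code from the question or from the answer above), the following POSIX shell script builds the three brute-force rules from the question for a chosen chain and port, and picks INPUT or FORWARD depending on whether the DNAT target is the router itself or another LAN host. It assumes a standard netfilter pipeline, in which a PREROUTING DNAT rewrites the destination port before the filter table sees the packet, so the filter rules must match the rewritten port (22 here), not the public one (2222). The function names (ssh_guard_rules, ssh_dnat_rule, pick_chain, build_ruleset, run_ruleset) and the addresses 192.168.1.1 and 192.168.1.50 are constructed for illustration. By default the script only prints the iptables commands; set APPLY=1 to execute them.

```shell
#!/bin/sh
# Added example, not from the original post. Emits the SSH brute-force
# protection rules from the question for a given chain and port.
# Function names and sample addresses are constructed for this example.

# ssh_guard_rules CHAIN PORT
# Prints the three rules: drop sources already in the BLOCK list, put
# sources exceeding 2 new connections/minute into BLOCK, accept the rest.
ssh_guard_rules() {
    chain="$1"; port="$2"
    # Rule 1: a source listed in BLOCK within the last 600 s is dropped;
    # --rcheck only checks the list, it does not refresh the timestamp.
    echo "iptables -A $chain -p tcp --dport $port -m conntrack --ctstate NEW -m recent --name BLOCK --rcheck --seconds 600 -j DROP"
    # Rule 2: more than 2 new connections per minute (burst 2) from one
    # source IP adds that IP to BLOCK (--set) and drops the packet.
    echo "iptables -A $chain -p tcp --dport $port -m conntrack --ctstate NEW -m hashlimit --hashlimit-name BLOCK --hashlimit-mode srcip --hashlimit-above 2/m --hashlimit-burst 2 -m recent --name BLOCK --set -j DROP"
    # Rule 3: everything that survived the two checks is accepted.
    echo "iptables -A $chain -p tcp --syn --dport $port -j ACCEPT"
}

# ssh_dnat_rule WAN_PORT TARGET_IP TARGET_PORT
# Prints the port-forward from the question (OpenWRT's zone_wan_prerouting chain).
ssh_dnat_rule() {
    echo "iptables -t nat -A zone_wan_prerouting -p tcp --dport $1 -j DNAT --to-destination $2:$3"
}

# pick_chain TARGET_IP ROUTER_IP
# Traffic for the router itself is filtered in INPUT, traffic for any
# other host in FORWARD (this is the distinction made in the answer).
pick_chain() {
    if [ "$1" = "$2" ]; then echo INPUT; else echo FORWARD; fi
}

# build_ruleset WAN_PORT TARGET_IP TARGET_PORT ROUTER_IP
# Prints the DNAT rule followed by the guard rules in the right chain.
# After DNAT the filter table sees TARGET_PORT, so that is what we match.
build_ruleset() {
    chain=$(pick_chain "$2" "$4")
    ssh_dnat_rule "$1" "$2" "$3"
    ssh_guard_rules "$chain" "$3"
}

# run_ruleset: print the commands, or execute them when APPLY=1.
run_ruleset() {
    if [ "${APPLY:-0}" = 1 ]; then
        build_ruleset "$@" | sh
    else
        build_ruleset "$@"
    fi
}

# Usage: sh ssh_guard.sh 2222 192.168.1.50 22 192.168.1.1
if [ "$#" -eq 4 ]; then
    run_ruleset "$@"
fi
```

Before relying on the rules, check their position with `iptables -S INPUT` (or `iptables -S FORWARD`): rules appended with `-A` land after any chains the OpenWRT firewall generated, so if an earlier rule already accepts the forwarded traffic, the guard rules are never reached and should be inserted with `-I` at the top instead. Whether the currently blocked sources are the expected ones can be read from `/proc/net/xt_recent/BLOCK`.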
