I'm trying to permit a certain host to access ports 22,80 and 443 on a firewall which redirects these requests to another host (lines 11 and 15, below). Also, I want any request to ports 20028 and 8084 to be directed to ports 22 and 80, respectively to the firewall itself (line 13). The redirection of 22 works fine to the other host, but the port redirection of 20028 only works if the source is the restricted source for the port 22. The firewall's IP is xx.xx.xx.110:
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 20028,8084 -j ACCEPT
iptables -A INPUT -i eth0 -s 22.214.171.124 -p tcp --syn -m multiport --dports 22,80,443 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 20028 -j REDIRECT --to-port 22
iptables -t nat -A PREROUTING -i eth0 -s 126.96.36.199 -p tcp --dport 22 -j DNAT --to-destination 192.168.168.10:22
So, ssh'ing to xx.xx.xx.110 from 188.8.131.52 works and gets me to 192.168.168.10.
ssh'ing to port 20028 on xx.xx.xx.110 from 184.108.40.206 works and gets me to xx.xx.xx.110. It's as if the iptables rule is paying attention to the -s parameter of the other rule.
ssh'ing to port 20028 on xx.xx.xx.110 from any IP other than 220.127.116.11 does not work no connection.
This last thing is what I want to solve. Basically, I want to ssh from any computer whatsoever to xx.xx.xx.110:2028 and get to the firewall itself:
ssh -p 20028 email@example.com
How do I fix this?