iptables, need to permit hosts

Last Modified: 2015-06-30
I'm trying to permit a certain host to access ports 22, 80 and 443 on a firewall which redirects these requests to another host (lines 11 and 15, below). Also, I want any request to ports 20028 and 8084 to be directed to ports 22 and 80, respectively, to the firewall itself (line 13). The redirection of 22 works fine to the other host, but the port redirection of 20028 only works if the source is the restricted source for the port 22. The firewall's IP is xx.xx.xx.110:
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    iptables --append FORWARD --in-interface eth1 -j ACCEPT

    iptables -P INPUT DROP

    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i eth1 -j ACCEPT

    iptables -A INPUT -i eth0 -p tcp -m multiport --dports 20028,8084 -j ACCEPT
    iptables -A INPUT -i eth0 -s 98.102.63.106 -p tcp --syn -m multiport --dports 22,80,443 -j ACCEPT

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 20028 -j REDIRECT --to-port 22

    iptables -t nat -A PREROUTING -i eth0 -s 98.102.63.106 -p tcp --dport 22 -j DNAT --to-destination 192.168.168.10:22

So, ssh'ing to xx.xx.xx.110 from 98.102.63.106 works and gets me to 192.168.168.10.

ssh'ing to port 20028 on xx.xx.xx.110 from 89.102.63.106 works and gets me to xx.xx.xx.110. It's as if the iptables rule is paying attention to the -s parameter of the other rule.

ssh'ing to port 20028 on xx.xx.xx.110 from any IP other than 98.102.63.106 does not work: no connection.

This last thing is what I want to solve. Basically, I want to ssh from any computer whatsoever to xx.xx.xx.110:2028 and get to the firewall itself:

    ssh -p 20028 user@xx.xx.xx.110

How do I fix this?
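
An added example, not part of the original question or its answers: a simplified Python model of the posted ruleset's evaluation order, in which nat PREROUTING rewrites the destination before filter INPUT is checked. The source 203.0.113.7 is a constructed sample, and the `input_origport` variant assumes an extra INPUT rule using the conntrack match's `--ctorigdstport` option, which is not on the page.

```python
# Simplified model of netfilter ordering for a new inbound TCP packet on eth0:
# nat/PREROUTING rewrites the destination first, then filter/INPUT sees the
# rewritten port, not the port the client dialled.
ALLOWED_SRC = "98.102.63.106"   # restricted source from the posted rules
INTERNAL = "192.168.168.10"     # DNAT target from the posted rules

def prerouting(src, dport):
    """nat PREROUTING, rules in the order posted; first match wins."""
    if dport == 20028:
        return ("local", 22)            # REDIRECT --to-port 22
    if src == ALLOWED_SRC and dport == 22:
        return (INTERNAL, 22)           # DNAT --to-destination 192.168.168.10:22
    return ("local", dport)

def input_posted(src, dport, orig_dport):
    """filter INPUT as posted (policy DROP); matches on the rewritten dport."""
    if dport in (20028, 8084):
        return "ACCEPT"
    if src == ALLOWED_SRC and dport in (22, 80, 443):
        return "ACCEPT"
    return "DROP"

def input_origport(src, dport, orig_dport):
    """Variant (assumption, not from the page): also accept port 22 when the
    pre-NAT port was 20028, i.e. a rule of the form
    -m conntrack --ctorigdstport 20028 -p tcp --dport 22 -j ACCEPT."""
    if dport == 22 and orig_dport == 20028:
        return "ACCEPT"
    return input_posted(src, dport, orig_dport)

def trace(src, dport, input_chain=input_posted):
    """Return which chain decides the packet and what it decides."""
    dest, new_port = prerouting(src, dport)
    if dest != "local":
        # DNAT'd traffic is routed through FORWARD, not INPUT; the FORWARD
        # policy is not shown on the page, so no verdict is modelled here.
        return f"FORWARD to {dest}:{new_port}"
    return f"INPUT {input_chain(src, new_port, dport)} (dport seen: {new_port})"

if __name__ == "__main__":
    other = "203.0.113.7"  # constructed sample source (documentation range)
    for src, port in [(ALLOWED_SRC, 22), (ALLOWED_SRC, 20028), (other, 20028)]:
        print(src, port, "->", trace(src, port))
    print(other, 20028, "->", trace(other, 20028, input_origport), "[variant]")
```

In the model, the `--dports 20028,8084` INPUT rule never matches redirected traffic because INPUT only ever sees port 22, which is why the `-s` restriction on the port 22 rule appears to apply to port 20028 as well.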