Gentoo Forums
(iptables)Redirecting an external port on a router to itself
luringen
n00b
Joined: 20 Aug 2014
Posts: 15
Location: Norwaaay

Posted: Sat Sep 20, 2014 11:18 pm    Post subject: (iptables) Redirecting an external port on a router to itself

I have a router using iptables, which I can configure permanently with persistent scripts. The thing is, on the router configuration page I can only enable ssh access from WAN, but I cannot set a different port for ssh on the WAN interface.

In the iptables flowchart (ftp://ftp.shorewall.net/pub/shorewall/misc/netfilterflow.pdf), it says that packets go through the PREROUTING chain before they reach the INPUT chain. Therefore doing:
Code:
iptables -t nat -I PREROUTING -i $wan -p tcp --dport 2222 -j REDIRECT --to-port 22
will just redirect them to port 22 before they reach the input chain.

Then I would have to allow port 22 in the input chain from WAN, and I'm back to square one.

So the problem is: how can I allow traffic which has been redirected in the prerouting chain, and only that traffic, to reach port 22?

Thanks in advance.
Hu
Moderator
Joined: 06 Mar 2007
Posts: 13509

Posted: Sat Sep 20, 2014 11:32 pm

Have you looked at using the conntrack module match option --ctorigdstport?
luringen
n00b
Joined: 20 Aug 2014
Posts: 15
Location: Norwaaay

Posted: Sat Sep 20, 2014 11:50 pm

Code:
admin@RT-N66U-7040:/tmp/home/root# iptables -I INPUT -i eth0 -p tcp --dport 22 -m conntrack --ctorigdstport XXXXX -j ACCEPT
iptables v1.3.8: Unknown arg `--ctorigdstport'
Try `iptables -h' or 'iptables --help' for more information.
admin@RT-N66U-7040:/tmp/home/root# uname -a
Linux RT-N66U-7040 2.6.22.19 #1 Sun Sep 14 17:57:35 EDT 2014 mips GNU/Linux
admin@RT-N66U-7040:/tmp/home/root#

Is it possible these are too old versions for it?
Hu
Moderator
Joined: 06 Mar 2007
Posts: 13509

Posted: Sun Sep 21, 2014 12:57 am

It is possible. That is a very old system. It will likely be very difficult to upgrade to current. Is it even Gentoo based?
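The rule set the first post asks for, worked through as an added example (this is not code from the thread, from Hu, or from the router firmware). It covers both the conntrack match Hu suggested and a fallback for an iptables too old to know --ctorigdstport, as the 1.3.8 build in the thread turned out to be. The fallback uses a packet mark: the mangle PREROUTING chain runs before nat PREROUTING and sees every inbound packet with its pre-NAT destination port, so only packets that actually arrived for 2222 carry the mark by the time INPUT evaluates them, and a direct WAN connection to port 22 carries neither the DNAT conntrack state nor the mark and falls through to whatever policy already applies. The interface name eth0, the ports 2222/22 and the mark value 0x16 are assumed placeholders; the script only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not code from the thread or from the router firmware.
# Goal: accept SSH from WAN only via the redirect (2222 -> 22) and leave
# direct WAN connections to port 22 under the existing default policy.
# Assumed placeholders (not from the thread): eth0, ports 2222/22, mark 0x16.

WAN="${WAN:-eth0}"
EXT_PORT="${EXT_PORT:-2222}"
SSH_PORT="${SSH_PORT:-22}"
FWMARK="${FWMARK:-0x16}"

# Variant 1: conntrack match. REDIRECT stores the original destination
# port in the connection's conntrack entry, so INPUT can require the DNAT
# state plus original dport 2222. Needs the xt_conntrack match shipped
# with iptables 1.4+; the thread's iptables 1.3.8 rejected --ctorigdstport.
rules_conntrack() {
    cat <<EOF
iptables -t nat -I PREROUTING -i $WAN -p tcp --dport $EXT_PORT -j REDIRECT --to-port $SSH_PORT
iptables -I INPUT -i $WAN -p tcp --dport $SSH_PORT -m conntrack --ctstate DNAT --ctorigdstport $EXT_PORT -j ACCEPT
EOF
}

# Variant 2: packet mark. mangle/PREROUTING precedes nat/PREROUTING and
# matches every inbound packet on its pre-NAT dport, so each packet of a
# redirected connection is marked before INPUT sees it. Only needs the
# MARK target and the mark match, which old iptables releases already have.
rules_mark() {
    cat <<EOF
iptables -t mangle -I PREROUTING -i $WAN -p tcp --dport $EXT_PORT -j MARK --set-mark $FWMARK
iptables -t nat -I PREROUTING -i $WAN -p tcp --dport $EXT_PORT -j REDIRECT --to-port $SSH_PORT
iptables -I INPUT -i $WAN -p tcp --dport $SSH_PORT -m mark --mark $FWMARK -j ACCEPT
EOF
}

# Pick the variant the installed iptables supports. Falls back to the mark
# variant when iptables is absent or its conntrack match lacks the option.
choose_variant() {
    if iptables -m conntrack --help 2>/dev/null | grep -q -- '--ctorigdstport'; then
        echo conntrack
    else
        echo mark
    fi
}

# Number of iptables commands a variant emits (sanity check on the generator).
rule_count() {
    "rules_$1" | grep -c '^iptables '
}

if [ "${APPLY:-0}" = 1 ]; then
    variant=$(choose_variant)
    echo "applying $variant variant on $WAN" >&2
    "rules_$variant" | sh -e
else
    echo "# dry run; set APPLY=1 to load these rules"
    "rules_$(choose_variant)"
fi
```

On a router whose INPUT chain already accepts ESTABLISHED,RELATED traffic early on, the return direction needs nothing extra; the single ACCEPT per variant is what admits the first packet of a redirected connection. Whichever variant is loaded, a probe straight at WAN port 22 does not match the ACCEPT rule, which is the property the thread is after.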
luringen
n00b
Joined: 20 Aug 2014
Posts: 15
Location: Norwaaay

Posted: Sun Sep 21, 2014 1:00 am

It is not. It's Asuswrt-Merlin, which is a modification of the original Asuswrt firmware which is installed on Asus routers by default, but it is open source.