I have a Linux 2.6.20 box running Astlinux, with Arno's firewall
installed on it.
It has a public interface (eth0) with a routable address... and a
private interface (br1) with 192.168.1.1/24.
What I'm trying to do is this.
If an SSH connection comes in on port 22 on the public interface, then
block it.
If an SSH connection comes in on port P (the port that we relocate our
SSH service to on the public side) on the public interface, then port
forward it to port 22 and accept it (either port-forward it to br1's
address and port 22, or else to eth0's address and port 22).
If it comes in on our private interface on port 22, accept it.
This doesn't seem to work using Arno's ip firewall 1.8.8n.
Can I use marking to block an "unmarked" packet that arrived on port 22,
but mark a packet that has been port-forwarded to port 22 and accept
marked packets?
Or am I making this more complicated than it needs to be?
Thanks,
-Philip
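The three cases above expressed as plain iptables rules, added here as an example (not Arno's firewall syntax and not from the original post): the DNAT in nat/PREROUTING relocates the public port, and instead of marking, the conntrack DNAT state distinguishes a forwarded connection from one that hit port 22 directly. Interface names eth0/br1 and 192.168.1.1 are taken from the post; the public port (P) is a parameter, with 2222 as a constructed default.

```shell
#!/bin/sh
# Relocate public-facing SSH to an alternate port and keep port 22 closed on
# the public interface, while leaving it open on the LAN side.
# Plain iptables rules written as an example; not Arno's firewall config.
#
# Usage: ssh_relocate_rules PUB_IF PRIV_IF SSH_ADDR PUB_PORT
#   PUB_IF   public interface (eth0 in the post)
#   PRIV_IF  private interface (br1 in the post)
#   SSH_ADDR address sshd listens on, reached via the DNAT (br1's address)
#   PUB_PORT externally advertised SSH port ("port P" in the post)
# Set IPT=echo to print the rules instead of applying them.
ssh_relocate_rules() {
    pub_if=$1; priv_if=$2; ssh_addr=$3; pub_port=$4
    ipt=${IPT:-iptables}

    # 1. nat/PREROUTING: rewrite public-side connections to PUB_PORT so they
    #    reach sshd on 22. conntrack then records the connection as DNAT.
    $ipt -t nat -A PREROUTING -i "$pub_if" -p tcp --dport "$pub_port" \
        -j DNAT --to-destination "$ssh_addr:22"

    # 2. filter/INPUT: SSH on 22 from the LAN side is always allowed.
    $ipt -A INPUT -i "$priv_if" -p tcp --dport 22 -j ACCEPT

    # 3. filter/INPUT: on the public side, accept 22 only if the connection
    #    went through the DNAT above. This is what a mark would have been
    #    used for; conntrack already carries that information.
    $ipt -A INPUT -i "$pub_if" -p tcp --dport 22 \
        -m conntrack --ctstate DNAT -j ACCEPT

    # 4. filter/INPUT: anything else arriving on 22 from the public side
    #    (a direct connection to the default port) is dropped.
    $ipt -A INPUT -i "$pub_if" -p tcp --dport 22 -j DROP
}

# Stand-alone: "apply" installs the rules; anything else just prints them.
if [ "${1:-}" = "apply" ]; then
    ssh_relocate_rules eth0 br1 192.168.1.1 "${2:-2222}"
else
    IPT=echo ssh_relocate_rules eth0 br1 192.168.1.1 "${2:-2222}"
fi
```

Rule order matters: the DNAT-state ACCEPT must precede the DROP, and the existing ESTABLISHED/RELATED accept that a firewall script normally installs still handles the return traffic.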
--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html