[Firewall] Remapping local ports

Philip Prindeville philipp_subx at redfish-solutions.com
Thu Jul 24 15:09:38 MDT 2008


I was wondering what would be involved in doing the following:

I want to take a port (X) and relocate it to another (X') and block X 
externally, but allow X'.

Can we do something like:

EXT_INPUT_CHAIN:

...
block port X on external interface
if a packet comes in on port X', jump to another chain (EXT_REMAP)
accept port X
...


EXT_REMAP:
dnat port X' to port X
return


In other words, we won't allow connections directly to X to come in from 
the outside, but we will allow connections to a service running locally 
that is pointed to port X to be connected to on a remapped port...

-Philip
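
An added example, not part of the original post: the remap cannot be done from a filter chain as sketched, because DNAT and REDIRECT are only valid in the nat table, and nat PREROUTING runs before filter INPUT, so a remapped packet already carries port X when the filter sees it. The script below prints rules that rewrite X' to X in PREROUTING and then use the conntrack match's original destination port to accept remapped connections while dropping direct ones. The interface eth0 and the ports 22 and 2222 are constructed sample values, and remap_rules and valid_port are hypothetical helper names.

```shell
#!/bin/sh
# Added example: prints the iptables commands, applies nothing.
# Review the output, then run it as root.

# True when $1 is a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# remap_rules EXT_IF X XPRIME
# Expose the local service on TCP port X to EXT_IF only as port XPRIME.
remap_rules() {
    ext_if=$1 x=$2 xp=$3
    [ -n "$ext_if" ] || { echo "missing interface" >&2; return 1; }
    valid_port "$x" && valid_port "$xp" || { echo "bad port" >&2; return 1; }
    [ "$x" != "$xp" ] || { echo "X and X' must differ" >&2; return 1; }

    # 1. nat/PREROUTING sees the packet first: rewrite X' to X.
    echo "iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport $xp -j REDIRECT --to-ports $x"
    # 2. In filter/INPUT both kinds of packet have dport X; only the
    #    remapped ones have X' as conntrack's original destination port.
    echo "iptables -A INPUT -i $ext_if -p tcp --dport $x -m conntrack --ctorigdstport $xp -j ACCEPT"
    # 3. Everything else aimed at X from outside was a direct connection.
    echo "iptables -A INPUT -i $ext_if -p tcp --dport $x -j DROP"
}

# Constructed sample: local port 22 reachable from outside only as 2222.
remap_rules eth0 22 2222
```

The two INPUT rules only work if they are evaluated before any broader ACCEPT or DROP that already covers port X on the external interface.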



