[Firewall] Remapping local ports

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Mon Jul 28 07:02:50 MDT 2008


This should be possible I guess..... You're maybe even able to "abuse" 
the NAT forward stuff for it, by simply specifying localhost with a 
different port as target host....

a.

Philip Prindeville wrote:
> I was wondering what would be involved in doing the following:
> 
> I want to take a port (X) and relocate it to another (X') and block X 
> externally, but allow X'.
> 
> Can we do something like:
> 
> EXT_INPUT_CHAIN:
> 
> ...
> block port X on external interface
> if a packet comes in on port X', jump to another chain (EXT_REMAP)
> accept port X
> ...
> 
> 
> EXT_REMAP:
> dnat port X' to port X
> return
> 
> 
> In other words, we won't allow connections directly to X to come in from 
> the outside, but we will allow connections to a service running locally 
> that is pointed to port X to be connected to on a remapped port...
> 
> -Philip
> 
> 
> _______________________________________________
> Firewall mailing list
> Firewall at lists.btito.net
> http://lists.btito.net/mailman/listinfo/firewall_lists.btito.net
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
> 

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
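
The remap discussed in this thread, as an added example that is not code from either poster or from the firewall script: netfilter rewrites the destination port in nat PREROUTING, before the filter INPUT chain runs, so INPUT sees port X for both direct and remapped traffic and the conntrack original destination port is what separates them. The chain name REMAP_GUARD, the helper names and the eth0 / 22 / 2222 values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed values: chain name
# REMAP_GUARD, and the eth0 / 22 / 2222 used in the usage line.

is_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# remap_rules IFACE X X_PRIME [tcp|udp]
# Prints iptables-restore input: X' is redirected to local port X, and
# packets on IFACE addressed to X are accepted only if conntrack shows the
# connection was originally addressed to X'. Everything else to X is dropped.
remap_rules() {
    ifc=$1 svc=$2 ext=$3 proto=${4:-tcp}
    case "$ifc" in
        ''|*[!A-Za-z0-9._+-]*) echo "bad interface: $ifc" >&2; return 2 ;;
    esac
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 2 ;;
    esac
    if ! is_port "$svc" || ! is_port "$ext" || [ "$svc" -eq "$ext" ]; then
        echo "ports must differ and be 1-65535" >&2; return 2
    fi
    cat <<EOF
*nat
-A PREROUTING -i $ifc -p $proto --dport $ext -j REDIRECT --to-ports $svc
COMMIT
*filter
:REMAP_GUARD - [0:0]
-A REMAP_GUARD -m conntrack --ctorigdstport $ext -j ACCEPT
-A REMAP_GUARD -j DROP
-I INPUT 1 -i $ifc -p $proto --dport $svc -j REMAP_GUARD
COMMIT
EOF
}

# Usage (as root): sh remap.sh eth0 22 2222 | iptables-restore --noflush
if [ "$#" -ge 3 ]; then remap_rules "$@"; fi
```

The ACCEPT in REMAP_GUARD bypasses any later INPUT rules for remapped traffic; use RETURN there instead if the rest of the ruleset should still decide.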


