Shorewall Q - how to port forward ?

**Compunuts** · 01-28-2004, 03:58 AM

I want to port forward on the same machine.

When my friends ( who have no access for SSH from their network ) point their SSH client to port 443 ( to trick proxy servers as being using HTTPS traffic ), I wanted my firewall to port forward it to port 22 on the same machine with the same interface.

I'm using shorewall 1.4.8 on Debian and iptables.

P.S --> I'm reading Shorewall site currently but haven't found what I wanted ATM.

TIA

**vvx** · 01-28-2004, 04:16 AM

From http://shorewall.net/Documentation.htm#Rules
Example 12. You want to redirect all local www connection requests EXCEPT those to your own http server (206.124.146.177) to a Squid transparent proxy running on the firewall and listening on port 3128. Squid will of course require access to remote web servers. This example shows yet another use for the ORIGINAL DEST column; here, connection requests that were NOT (notice the “!”) originally destined to 206.124.146.177 are redirected to local port 3128.

#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL
# PORT(S) DEST
REDIRECT loc 3128 tcp www - !206.124.146.177
ACCEPT fw net tcp www

so, seems to me you could edit that to work for your situation, with something like

REDIRECT net 443 tcp 22 -

Worth a shot?

**Compunuts** · 01-28-2004, 07:07 AM

[quote author=vvx link=board=5;threadid=8595;start=0#msg77643 date=1075267010]
#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL
# PORT(S) DEST
REDIRECT loc 3128 tcp www - !206.124.146.177
ACCEPT fw net tcp www

so, seems to me you could edit that to work for your situation, with something like

REDIRECT net 443 tcp 22 -

Worth a shot?
[/quote]Still doesn't work. Connection refused error message. :-\
I'm gonna look for port to port redirection. If not, I will get another box take that SSH connection at port 443 and forward it to another box's port 22.

Thanks VVX anyway.

**vvx** · 01-28-2004, 09:08 AM

This rule works for me.

REDIRECT net 22 tcp 443

Apparently I had the ports backwards before. (Only works when testing from a machine outside of my lan.. which makes sense as that's what would end upg oing through shorewall.)

**countach44** · 01-29-2004, 03:25 AM

How's about tunnels? gorn wrote a great PET on those-
http://www.linuxjunior.org/cgi-bin/p...lay&id=106

**Compunuts** · 01-30-2004, 04:19 AM

[quote author=vvx link=board=5;threadid=8595;start=0#msg77650 date=1075284518]
This rule works for me.

REDIRECT net 22 tcp 443

Apparently I had the ports backwards before.
[/quote]
Well, I tried that rule also but didn't work.

(Only works when testing from a machine outside of my lan.. which makes sense as that's what would end upg oing through shorewall.)

That was it. I was trying to log in from my own LAN which is NOT configured to do. When I logged into an account outside of my LAN and tried that, it worked.

ThanksVVX and guys.