4. Firewall multiple NAT ports

Firewall multiple NAT ports

  • J

    I've got a ssh server running on a lan. port 8090 if forwarded to port 22 so outside clients can connect. I've run into a client that connects from behind a very restrictive firewall that won't allow connections to port 8022 but does allow connections to port 22.

    I want to allow only that client IP to connect to port 22.

    The problem with this situation is that if I make a NAT forward (without associated rule) for port 22 > port 22, the whole internet is allowed to connect to port 22 because the associated rule for the 8022 > 22 NAT rule accepts all connections to lan_ip:22

    It seems like NAT is applied before the firewall kicks in, isn't this a problem many people would run in to?

    (I've already worked around it by making the SSH server listen to 8022 and 22 while making 2 NAT forwards for 8022 > 8022 and 22 > 22. But that's not the point.)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy