Port redirection for 1 ip only with CSF

webaltern

Verified User
Joined
Feb 10, 2008
Messages
173
Location
Québec, Canada
Hello,

is there any way that I can make a port (ex. 22) to redirect to another port (ex. 7777) for only 1 ip adresse (ex. 222.222.222.222).

So that way, the user with the ip 222.222.222.222 can connect to port 22 that will be fowarded to port 7777 to use the service running on this port.

I ask this because we have changed our default ssh port on our server and one of our customer want to use a script to rsync some files from his computer to his hosting account but he can't change the ssh port in that script...


Regards,
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Hello,

Read this:

22. Port/IP address Redirection###############################

This feature uses the file /etc/csf/csf.redirect which is a list of port and/or
IP address assignments to direct traffic to alternative ports/IP addresses.

Requirements:
nat tables
ipt_DNAT iptables module
ipt_SNAT iptables module
ipt_REDIRECT iptables module

The following are the allowed redirection formats

DNAT (redirect from one IP address to a different one):
IPx|*|IPy|*|tcp/udp - To IPx redirects to IPy
IPx|portA|IPy|portB|tcp/udp - To IPx to portA redirects to IPy portB

DNAT examples:
192.168.254.62|*|10.0.0.1|*|tcp
192.168.254.62|666|10.0.0.1|25|tcp

REDIRECT (redirect from port to a different one):
IPx|portA|*|portB|tcp/udp - To IPx to portA redirects to portB
*|portA|*|portB|tcp/udp - To portA redirects to portB

REDIRECT examples:
*|666|*|25|tcp
192.168.254.60|666|*|25|tcp
192.168.254.4|666|*|25|tcp

Where a port is specified it cannot be a range, only a single port.

All redirections to another IP address will always appear on the destination
server with the source of this server, not the originating IP address.

This feature is not intended to be used for routing, NAT, VPN, etc tasks

Note: /proc/sys/net/ipv4/ip_forward must be set to 1 for DNAT connections to
work. csf will set this where it can, but if the kernel value cannot be set
then the DNAT redirection many not work.
http://download.configserver.com/csf/readme.txt
 

webaltern

Verified User
Joined
Feb 10, 2008
Messages
173
Location
Québec, Canada
Hi,

thank for you reply, this feature is great but I think it's just for forward server IP x port 22 to server IP Y port 7777 for example...

I test this to be sure...
 
Top