[Firehol-support] Port knocking AND forwarding
Johan Herland
johan at herland.net
Thu Mar 23 00:21:25 GMT 2006
Hi,
I have a firewall (A) in front of a workstation (B) running an SSH
server. I'd like to set up port forwarding from A to B for the SSH
service (something like "dnat to ${A_addr}:22 inface ${inet_inface}
proto tcp dport 2222"), but I also want this forward to be protected by
a port knocking sequence (similar to "server ssh accept with knock
foo", except that this is not a local server).
What is the best way to set this up so that:
1. Before the secret knock is done, all connections to port 2222 are
dropped at the firewall.
2. Once the knock is sent, connections to port 2222 on A are forwarded
to port 22 on B, until the traffic is stopped by a closing knock, or a
timeout.
3. When the knock has been closed, all new connections are dropped as in
point (1), while established connections (SSH sessions initiated in
point (2)) continue to work.
Thanks for your help.
...Johan
--
Johan Herland, <johan at herland.net>
www.herland.net
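The three requirements above map directly onto netfilter's "recent" match plus connection tracking; the script below is an added example that emits that rule set, not FireHOL syntax and not code from the list or the FireHOL project. The interface, addresses, knock ports and timeout are assumed placeholders.

```shell
#!/bin/sh
# Added example: iptables rules implementing (1) drop before the knock, (2) DNAT
# 2222->B:22 after the knock until a closing knock or timeout, (3) established
# sessions survive the close. All values below are assumptions for illustration.
A_INFACE="eth0"          # assumed: internet-facing interface on firewall A
B_ADDR="192.0.2.10"      # assumed: workstation B (documentation address)
FWD_PORT=2222            # public port on A, as in the post
OPEN_KNOCK=7000          # assumed: TCP port whose SYN opens the forward
CLOSE_KNOCK=7001         # assumed: TCP port whose SYN closes it again
TIMEOUT=300              # assumed: seconds a knock keeps accepting new connections

# Emit the rule set in iptables-restore format (lines starting with # are ignored by it).
ssh_knock_rules() {
    cat <<EOF
*nat
# (2) DNAT only for sources that knocked within the last $TIMEOUT seconds.
# Only a connection's first packet traverses nat; later packets reuse the
# conntrack mapping, which is what keeps an open session alive for (3).
-A PREROUTING -i $A_INFACE -p tcp --dport $FWD_PORT -m recent --name knock_ssh --rcheck --seconds $TIMEOUT -j DNAT --to-destination $B_ADDR:22
COMMIT
*filter
# Opening knock: record the source address, then drop the knock packet itself.
-A INPUT -i $A_INFACE -p tcp --dport $OPEN_KNOCK --syn -m recent --name knock_ssh --set -j DROP
# Closing knock: forget the source, so new connections are dropped again (3).
-A INPUT -i $A_INFACE -p tcp --dport $CLOSE_KNOCK --syn -m recent --name knock_ssh --remove -j DROP
# (1) A packet reaching A itself on $FWD_PORT was not DNATed (no knock): drop it.
-A INPUT -i $A_INFACE -p tcp --dport $FWD_PORT -j DROP
# (3) Established sessions keep flowing after the closing knock or the timeout.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# (2) New SSH connections to B are accepted only while the knock is open.
-A FORWARD -i $A_INFACE -d $B_ADDR -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --name knock_ssh --rcheck --seconds $TIMEOUT -j ACCEPT
-A FORWARD -i $A_INFACE -d $B_ADDR -p tcp --dport 22 -j DROP
COMMIT
EOF
}

# Number of rules that consult the knock list; a quick self-check of the output.
knock_rule_count() {
    ssh_knock_rules | grep -c -- '--name knock_ssh'
}

# Print the rules by default; append them to the live tables only when asked (root).
if [ "${1:-}" = "--apply" ]; then
    ssh_knock_rules | iptables-restore --noflush
else
    ssh_knock_rules
fi
```

The recent list is keyed by source address, so the closing knock only revokes the knocker's own entry, and the timeout is re-evaluated per new connection rather than per session.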