[Firehol-support] Port knocking AND forwarding

Johan Herland johan at herland.net
Thu Mar 23 00:21:25 GMT 2006


Hi,

I have a firewall (A) in front of a workstation (B) running an SSH 
server. I'd like to set up port forwarding from A to B for the SSH 
service (something like "dnat to ${A_addr}:22 inface ${inet_inface} 
proto tcp dport 2222"), but I also want this forward to be protected by 
a port knocking sequence (similar to "server ssh accept with knock 
foo", except that this is not a local server).

What is the best way to set this up so that:
1. Before the secret knock is done, all connections to port 2222 are 
dropped at the firewall.
2. Once the knock is sent, connections to port 2222 on A are forwarded 
to port 22 on B, until the traffic is stopped by a closing knock, or a 
timeout.
3. When the knock has been closed, all new connections are dropped as in 
point (1), while established connections (SSH sessions initiated in 
point (2)) continue to work.


Thanks for your help.

...Johan

-- 
Johan Herland, <johan at herland.net>
www.herland.net
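For reference, the three requirements above map onto a small set of iptables rules using the xt_recent match. This is an added example, not FireHOL syntax and not from anyone on the thread; it simplifies the knock to a single opening port and a single closing port, and the addresses, interface name, knock ports and timeout are constructed placeholders.

```shell
# Added example: knock-gated DNAT of A:2222 -> B:22 in plain iptables.
# Assumed/constructed: B_addr, inet_inface, KNOCK_OPEN, KNOCK_CLOSE, KNOCK_TTL.
IPT="${IPT:-iptables}"             # set IPT=echo to print the rules instead of applying them
B_addr="${B_addr:-192.0.2.10}"     # workstation B running sshd (constructed address)
inet_inface="${inet_inface:-eth0}" # A's Internet-facing interface (assumed name)
KNOCK_OPEN=7000                    # a TCP SYN here marks the source as "knocked" (assumed port)
KNOCK_CLOSE=7001                   # a TCP SYN here forgets the source again (assumed port)
KNOCK_TTL=600                      # seconds a knock stays valid (the timeout in point 2)
LIST=sshknock                      # xt_recent list, keyed by source address

knock_dnat_rules() {
    # Opening and closing knocks: record or forget the source, then drop the
    # knock packet itself so nothing on A ever answers it.
    $IPT -A INPUT -i "$inet_inface" -p tcp --syn --dport "$KNOCK_OPEN" \
        -m recent --name "$LIST" --set -j DROP
    $IPT -A INPUT -i "$inet_inface" -p tcp --syn --dport "$KNOCK_CLOSE" \
        -m recent --name "$LIST" --remove -j DROP

    # Point 2: the first packet of a new connection to A:2222 is DNATed to B:22
    # only while the source knocked within the last KNOCK_TTL seconds.
    # nat/PREROUTING sees only the first packet of a flow, so conntrack keeps
    # translating an established session after the entry expires or is removed
    # by the closing knock, which is exactly point 3.
    $IPT -t nat -A PREROUTING -i "$inet_inface" -p tcp --dport 2222 \
        -m recent --name "$LIST" --rcheck --seconds "$KNOCK_TTL" \
        -j DNAT --to-destination "${B_addr}:22"

    # Point 1: without a valid knock the packet was not DNATed, reaches A
    # itself on port 2222, and is dropped there.
    $IPT -A INPUT -i "$inet_inface" -p tcp --dport 2222 -j DROP

    # FORWARD: established sessions keep working; a new session towards B:22
    # is accepted only from a source that is still on the knock list.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$inet_inface" -p tcp -d "$B_addr" --dport 22 \
        -m conntrack --ctstate NEW \
        -m recent --name "$LIST" --rcheck --seconds "$KNOCK_TTL" -j ACCEPT
    $IPT -A FORWARD -i "$inet_inface" -p tcp -d "$B_addr" --dport 22 -j DROP
}
```

Run with `IPT=echo sh script.sh` first to review the generated rules before applying them on A.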

