Mailing List Archive: OpenSSH: Dev

Restrict port forwarding on server



adrya1984 at gmail

Jun 11, 2009, 11:32 PM

Post #1 of 3 (854 views)
Restrict port forwarding on server

Hi,

Is there a way to restrict port forwarding on the server?
I want only port 8080 on the server to be available to clients.

For example, when I give this command, clients should be able to connect:
ssh -L 30300:localhost:8080 ....
When I give this, for example, clients should not be able to connect:
ssh -L 30300:localhost:4040 ....

I tried this option in the config file of the server:
PermitOpen localhost:8080
but even with it I could still connect to 4040, for example.

Thanks,
Adriana
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


dtucker at zip

Jun 12, 2009, 12:17 AM

Post #2 of 3 (795 views)
Re: Restrict port forwarding on server

Adriana Rodean wrote:
> Hi,
>
> Is there a way to restrict port forwarding on the server?
> I want only port 8080 on the server to be available to clients.
>
> For example, when I give this command, clients should be able to connect:
> ssh -L 30300:localhost:8080 ....
> When I give this, for example, clients should not be able to connect:
> ssh -L 30300:localhost:4040 ....
>
> I tried this option in the config file of the server:
> PermitOpen localhost:8080
> but even with it I could still connect to 4040, for example.

That should work.

Which config file did you change? It should go in sshd_config and you
need to restart sshd when you change that file.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
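As an added example (not code from the thread or from the OpenSSH project), a POSIX shell checker that applies the PermitOpen line from a constructed sshd_config fragment to the two requests Adriana describes. SSHD_CONFIG_SAMPLE and permit_open_allows are names made up here, and the matching rules are a simplified approximation of sshd's, as the comments state.

```shell
#!/bin/sh
# Added example, not code from the thread. SSHD_CONFIG_SAMPLE is a constructed
# sshd_config fragment with the PermitOpen setting discussed above: forwards
# may only terminate on port 8080 of the server itself.
SSHD_CONFIG_SAMPLE='Port 22
AllowTcpForwarding yes
# ssh -L 30300:localhost:8080 is accepted, ssh -L 30300:localhost:4040 refused
PermitOpen localhost:8080'

# permit_open_allows HOST PORT   (sshd_config text on stdin)
# Exit status 0 if a client's "ssh -L <lport>:HOST:PORT" would be accepted by
# a server running that config, 1 if sshd would refuse it. Approximates sshd's
# rules: keywords are case-insensitive, several host:port pairs may follow one
# PermitOpen, "any" lifts all restrictions, "none" refuses every forward, and
# (in newer sshd versions) "*" is a wildcard for host or port. Only the first
# PermitOpen line before any Match block is considered; bracketed IPv6
# literals are not handled.
permit_open_allows() {
    host=$1; port=$2
    entries=$(awk '
        tolower($1) == "match" { exit }
        tolower($1) == "permitopen" { for (i = 2; i <= NF; i++) print $i; exit }
    ')
    # No PermitOpen directive at all: sshd's default permits any destination.
    [ -z "$entries" ] && return 0
    set -f    # keep "*" entries from being expanded as filename globs
    for entry in $entries; do
        case "$entry" in
            any)  set +f; return 0 ;;
            none) set +f; return 1 ;;
        esac
        ehost=${entry%:*}; eport=${entry##*:}
        if { [ "$ehost" = "*" ] || [ "$ehost" = "$host" ]; } &&
           { [ "$eport" = "*" ] || [ "$eport" = "$port" ]; }; then
            set +f; return 0
        fi
    done
    set +f
    return 1
}

# Stand-alone demo: check the two requests from the thread against the sample.
for dest in localhost:8080 localhost:4040; do
    if printf '%s\n' "$SSHD_CONFIG_SAMPLE" | permit_open_allows "${dest%:*}" "${dest##*:}"
    then echo "$dest: allowed"; else echo "$dest: refused"; fi
done
```

To see what the running server actually applies, dump its effective configuration with `sshd -T | grep -i permitopen` after restarting sshd; an unchanged value there means the edit went into the wrong file or the daemon was not restarted.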


saify37 at hotmail

Jun 12, 2009, 9:37 PM

Post #3 of 3 (791 views)
RE: Restrict port forwarding on server

Hey Adriana,
You can also restrict port forwarding by using iptables. When the iptables service is started, it blocks all ports except the ones which are defined in its configuration file, which is located at /etc/sysconfig/iptables on Red Hat/CentOS systems. To open a specific port through the iptables firewall, you have to add a line which looks like

-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp -m udp --dport 8080 -j ACCEPT

You have to make a configuration of your own for this. The above two lines will open port 8080 for TCP and UDP traffic. Figure out the ports which you want to be opened and define them in the iptables file. If you want to read more about this, follow the link:

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables


