Get public ip of ssh petition

pauibars · January 27, 2018, 1:51pm

Hello!

I have a server behind one 850Gx2 with a NAT rule for the port 22 to redirect ssh petitions to the server. (chain=dst-nat protocol=tcp in-interface=pppoe-out1 dst-port=22 action=dst-nat to-adress=192.168.1.2). But with this configuration, the servers gets the petition of the internal IP of the router, so my fail2ban bans this internal IP, and in fact, all external petitions to the ssh port.

How I can set up the firewall to redirect the petition with the external IP?

Thank you!

sebastia · January 27, 2018, 6:22pm

Hi

Not sure what you mean by petition, but…

Your ssh server would get packets directed to it’s ip (192.168.1.2) and the source of that packet should be unchanged, so somewhere from internet.
If it is changed it means you also have some src-nat rule which gets applied, maybe your outgoing masquerade which isn’t selective enough?