NAT for trusted IP

Is it possible to create a NAT that can only be used from a trusted IP or trusted range of IPs? I am needing to create a NAT for a SQL server on TCP 1433 but I don’t want to open the port for the entire Internet, just from a trusted IP range where I am going to have a developer needing direct access to the port.

Thanks,
Brad

Use the ‘src-address=your_developer_address’ parameter in your DST-NAT rule.

I tried that but it didn’t seem to work. Any ideas?

Thanks,
Brad

What exactly doesn’t work?

If I create the rule without a SRC address, I can telnet to the port. If I create it with the SRC address, I cannot telnet to the port even from the IP that is the trusted IP.

Paste the rule here so we can see what you entered.

add chain=dstnat action=dst-nat to-addresses=10.1.2.70 to-ports=1433 in-interface=Cox src-address=65.65.65.65 dst-address=98.98.98.98 dst-port=1433 protocol=tcp

98.98.98.98 is the static IP through the local ISP
65.65.65.65 is the IP I am attempting to trust to allow connections through from it
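
The restriction discussed in this thread, written out as an added example that is not part of any poster's reply: it reuses the addresses and interface from the rule posted above, matches the trusted source through an address list, and adds a temporary log rule that shows which source address the router actually sees on TCP 1433. The list name `sql-trusted` and the log prefix are assumptions.

```routeros
# Added example. Addresses and the interface name come from the rule posted above;
# the list name "sql-trusted" and the log prefix "sql-1433 " are assumptions.

/ip firewall address-list
# One entry per trusted host; a CIDR range can be used as the address as well.
add list=sql-trusted address=65.65.65.65 comment="developer"

/ip firewall nat
# Temporary diagnostic rule: logs every connection attempt to TCP 1433 on the
# public address, trusted or not, and then continues to the next rule.
# Compare the logged source address with the one in the address list.
add chain=dstnat action=log log-prefix="sql-1433 " protocol=tcp \
    dst-address=98.98.98.98 dst-port=1433 in-interface=Cox

# Forward the port only when the source address is in the trusted list.
add chain=dstnat action=dst-nat to-addresses=10.1.2.70 to-ports=1433 \
    protocol=tcp dst-address=98.98.98.98 dst-port=1433 in-interface=Cox \
    src-address-list=sql-trusted

/ip firewall filter
# Same restriction in the forward chain, where the destination is already the
# translated internal address. New rules are appended at the end, so move this
# one above any broader accept rule for it to take effect.
add chain=forward action=drop protocol=tcp dst-address=10.1.2.70 dst-port=1433 \
    in-interface=Cox src-address-list=!sql-trusted
```

Remove the log rule once the source address seen by the router has been confirmed.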