Linux – How to block access to public server IP for OpenSSH in Debian

firewall linux ssh

I got a Debian server with a public and a private IP in a DMZ.
I need to be able to connect to it through SSH on our private side, and then block all access to the public address. Both /etc/hosts.deny and sshd_config seem to only let one block incoming IP addresses. What I really want is to disable SSH connections for the public IP.
I've been trying iptables, but I haven't had luck with that either.

Any help is appreciated.

–EDIT
So to gather a list of my tries so far:

  • SSH
  • iptables: iptables -I INPUT -d $public_ip -p tcp --dport 22 -j REJECT
  • /etc/hosts.deny: sshd: ALL except 192.168.2.12 $DHCPaddressrange : deny inserted.
  • Netstat – Result of netstat -tunlp | grep 22

/etc/init.d/ssh and /etc/init.d/network have been restarted so far.

Internal and external network connections have been used while trying to connect to the server. Both can access via public address.

–EDIT

IT'S ALIVE!
Apparently our guest network got access, which isn't quite optimal, but I tried connecting via SSH from the phone from our guest network and without. Apparently, I can't get to it unless I'm on one of our networks.
Some firewall issue I see there though.

Thanks for your response guys.

Best Answer

You can do this with iptables -I INPUT -d $public_ip -p tcp --dport 22 -j REJECT or you can bind your sshd to only listen on your private IP with ListenAddress $private_ip in /etc/ssh/sshd_config.
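
A check for the ListenAddress approach, added here as an example and not part of the original answer: the function reads `ss -tln` output and reports whether port 22 is still bound on a given address (directly or through a wildcard). The addresses 203.0.113.10 and 192.168.2.5 and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# ssh_exposed_on IP -- reads `ss -tln` output on stdin.
# Exit status 0 if a listener on port 22 is bound to IP or to a wildcard
# address that covers it, 1 otherwise.
ssh_exposed_on() {
    awk -v ip="$1" '
        BEGIN { v6 = (ip ~ /:/) }
        $1 == "LISTEN" {
            la = $4                                  # Local Address:Port column
            port = la; sub(/.*:/, "", port)          # text after the last colon
            addr = la; sub(/:[^:]*$/, "", addr)      # text before the last colon
            sub(/%.*/, "", addr)                     # drop an interface suffix
            if (port != "22") next
            if (addr == "*") found = 1               # dual-stack wildcard
            else if (v6 && (addr == "[::]" || addr == "[" ip "]")) found = 1
            else if (!v6 && (addr == "0.0.0.0" || addr == ip)) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: default sshd, no ListenAddress set (binds everything).
before_fix() { cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128           0.0.0.0:22         0.0.0.0:*
LISTEN  0       128              [::]:22            [::]:*
LISTEN  0       128           0.0.0.0:80         0.0.0.0:*
EOF
}

# Constructed sample: after ListenAddress 192.168.2.5 and an sshd restart.
after_fix() { cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128       192.168.2.5:22         0.0.0.0:*
LISTEN  0       128           0.0.0.0:80         0.0.0.0:*
EOF
}

PUBLIC_IP=203.0.113.10   # constructed public address
for state in before_fix after_fix; do
    if $state | ssh_exposed_on "$PUBLIC_IP"; then
        echo "$state: port 22 is bound on $PUBLIC_IP"
    else
        echo "$state: port 22 is not bound on $PUBLIC_IP"
    fi
done
```

On a live host, pipe `ss -tln` into the function after restarting sshd. An iptables REJECT rule does not change this listing, so the check only verifies the ListenAddress variant.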