1,234
edits
Changes
→Port forwarding SSH
* In the future you'll need to remember when you modify router's security group that there is another firewall following it, so you'll need to modify that as well.
== Port Temporary VM for port forwarding SSH practice ==
We'll set up a temporary instance for this lab (called ww) just as a target for port forwarding. After this lab you can delete it.
[[File:AWSsshFirewalled.png|800px|border|center]]
The private key is on your workstation, but your workstation isn't allowed to connect to ww. You could copy your private key to router, but that's not a great solution from a security point of view. The tricky solution here is to connect ssh to router, and have that connection forwarded to ww. == Port forwarding SSH ==
This [https://documentation.suse.com/sles/15-SP1/html/SLES-all/cha-security-firewall.html Open Suse Documentation page] has a nice simple diagram of iptables:
[[File:SuseIptablesDiagram.png|400px|border|center]]
Since we're forwarding traffic: the router is neither the source or the destination, therefore the INPUT and OUTPUT chains don't apply. We'll add one rule to the NAT table, and remove the default blocking rule from the FORWARD table.
* firewall: