How can I block access to public server IP for OpenSSH in Debian?

I got a Debian server with a public and a private IP in a DMZ. I need to be able to connect to it through SSH on our private side, and then block all access to the public address. Both /etc/hosts.deny and sshd_config seem to only let one block incoming IP addresses. What I really want is to disable SSH connections for the public IP. I've been trying iptables, but I haven't had luck with that either.

Any help is appreciated.

--EDIT So to gather a list of my tries so far:

  • SSH
  • iptables: iptables -I INPUT -d $public_ip -p tcp --dport 22 -j REJECT
  • /etc/hosts.deny - sshd: ALL except 192.168.2.12 $DHCPaddressrange : deny inserted.
  • Netstat - Result of netstat -tunlp | grep 22

/etc/init.d/ssh and /etc/init.d/network have been restarted so far.

Internal and external network connections have been used while trying to connect to the server. Both can access via public address.

--EDIT

IT'S ALIVE! Apparently our guest network got access, which isn't quite optimal, but I tried connecting via SSH from the phone from our guest network and without. Apparently, I can't get to it unless I'm on one of our networks. Some firewall issue I see there though.

Thanks for your response guys.


Solution 1:

You can do this with iptables -I INPUT -d $public_ip -p tcp --dport 22 -j REJECT or you can bind your sshd to only listen on your private IP with ListenAddress $private_ip in /etc/ssh/sshd_config.
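
A way to check the ListenAddress approach from the answer above, as an added example that is not part of the original question or answer: it reads listener lines in the format of the netstat check from the question and reports sockets that still accept SSH on the public address. The function name, the sample addresses and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample addresses (documentation/private ranges), not from the post.
PUBLIC_IP=203.0.113.10
PRIVATE_IP=192.168.2.10

# exposed_listeners PUBLIC_IP [PORT]   (hypothetical helper name)
# Reads `netstat -tln` or `ss -Htln` lines on stdin (local address is field 4
# in both) and prints every listening socket that accepts connections sent to
# PUBLIC_IP on PORT: the address itself or a wildcard bind.
exposed_listeners() {
    awk -v pub="$1" -v port="${2:-22}" '
    match($4, /:[0-9]+$/) {
        p    = substr($4, RSTART + 1)        # port after the last colon
        addr = substr($4, 1, RSTART - 1)     # address before it
        gsub(/^\[|\]$/, "", addr)            # ss prints IPv6 as [::]:22
        if (p != port) next                  # exact match; "grep 22" also hits 2222
        if (addr == pub || addr == "0.0.0.0" || addr == "::" || addr == "*")
            print $4
    }'
}

# Constructed output: default sshd, bound to every address (IPv4 and IPv6).
before() {
    cat <<'EOF'
tcp   0  0 0.0.0.0:22       0.0.0.0:*  LISTEN  812/sshd
tcp   0  0 127.0.0.1:2222   0.0.0.0:*  LISTEN  900/other
tcp6  0  0 :::22            :::*       LISTEN  812/sshd
EOF
}

# Constructed output after "ListenAddress $PRIVATE_IP" and an sshd restart.
after() {
    printf 'tcp 0 0 %s:22 0.0.0.0:* LISTEN 812/sshd\n' "$PRIVATE_IP"
}

echo "before: $(before | exposed_listeners "$PUBLIC_IP" | tr '\n' ' ')"
echo "after:  $(after  | exposed_listeners "$PUBLIC_IP" | tr '\n' ' ')"
```

With the iptables REJECT rule instead of ListenAddress, sshd keeps its wildcard bind, so this check still lists it; the filtering then happens in the packet filter, not at the socket.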