How can I block access to public server IP for OpenSSH in Debian?
I got a Debian server with a public and a private IP in a DMZ. I need to be able to connect to it through SSH on our private side, and then block all access to the public address. Both /etc/hosts.deny and sshd_config seem to only let one block incoming IP addresses. What I really want is to disable SSH connections for the public IP. I've been trying iptables, but I haven't had luck with that either.
Any help is appreciated.
--EDIT So to gather a list of my tries so far:
- SSH
- iptables - iptables -I INPUT -d $public_ip -p tcp --dport 22 -j REJECT
- /etc/hosts.deny - sshd: ALL except 192.168.2.12 $DHCPaddressrange : deny inserted.
- Netstat - Result of netstat -tunlp | grep 22
/etc/init.d/ssh and /etc/init.d/network have been restarted so far.
Internal and external network connections have been used while trying to connect to the server. Both can access via public address.
--EDIT
IT'S ALIVE! Apparently our guest network got access, which isn't quite optimal, but I tried connecting via SSH from the phone from our guest network and without. Apparently, I can't get to it unless I'm on one of our networks. Some firewall issue I see there though.
Thanks for your response guys.
Solution 1:
You can do this with iptables -I INPUT -d $public_ip -p tcp --dport 22 -j REJECT, or you can bind your sshd to only listen on your private IP with ListenAddress $private_ip in /etc/ssh/sshd_config.
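A check for the ListenAddress option in the answer above, as an added example that is not part of the original post: it parses ss -H -tln style output and reports any address other than the private one that still listens on port 22, matching the port exactly instead of using grep 22. The function name and the addresses (10.0.0.5 as the private IP) are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original post). Addresses are constructed.

# ssh_listeners_outside PRIVATE_IP [PORT]
# Reads `ss -H -tln` style lines on stdin, prints each local address that
# listens on PORT and is not PRIVATE_IP. Returns 1 if any was found, else 0.
ssh_listeners_outside() {
    awk -v ip="$1" -v port="${2:-22}" '
        $1 == "LISTEN" {
            laddr = $4
            if (!match(laddr, /:[0-9]+$/)) next   # port follows the last colon
            addr = substr(laddr, 1, RSTART - 1)
            p = substr(laddr, RSTART + 1)
            if (p != port) next                   # exact port, so 2222 is ignored
            sub(/%.*$/, "", addr)                 # drop an interface scope (%eth0)
            gsub(/^\[|\]$/, "", addr)             # drop IPv6 brackets
            if (addr != ip) { print addr; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: default sshd, bound to every address (IPv4 and IPv6).
before='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*'

# Constructed sample: after ListenAddress 10.0.0.5 and an sshd restart.
after='LISTEN 0 128 10.0.0.5:22 0.0.0.0:*
LISTEN 0 100 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*'

for name in before after; do
    eval "sample=\$$name"
    if found=$(printf '%s\n' "$sample" | ssh_listeners_outside 10.0.0.5); then
        echo "$name: port 22 is bound to 10.0.0.5 only"
    else
        printf '%s: port 22 also listens on: %s\n' "$name" \
            "$(printf '%s' "$found" | tr '\n' ' ')"
    fi
done

# On the server itself: ss -H -tln | ssh_listeners_outside "$private_ip"
```

The iptables REJECT rule does not change which addresses sshd is bound to, so this check only confirms the ListenAddress approach.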