
Andrew Worsley wrote:
I have just switched to using my ADSL modem in bridging mode and had to institute my own firewall and wanted to put ssh on a different port for external access to avoid these attacks. I didn't want to change the default port for internal access but the only way I could make it work was to do a trick like:
iptables -t nat -I PREROUTING -p tcp --dport X -j DNAT --to-destination :22
iptables -t nat -I PREROUTING -p tcp --dport 22 -j DNAT --to-destination :X
If you have a problem, and you use NAT, you will have two problems.

1. tell sshd to bind to both *:22 and *:1234;
2. set up a default deny firewall; and
3. allow 1234 from the internet (but not 22).
Also is there a better site to externally scan your machine than the "Shields Up" site?
Never heard of it. Just run nmap and openvas, from outside the target network.
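
The three steps in the reply above, written out as an added example (not code from either poster). The interface names `ppp0` (internet side) and `eth0` (LAN side) and the helper names `gen_rules` and `wan_ssh22_closed` are assumptions; the check is deliberately narrow and only looks at plain `--dport 22` rules.

```shell
#!/bin/sh
# Step 1 lives in sshd_config, which accepts several Port lines:
#   Port 22
#   Port 1234

# Steps 2 and 3: emit an iptables-restore ruleset with a default-deny INPUT
# policy, port 22 reachable from the LAN only, and the alternate port
# reachable from the internet side. No NAT rules are involved.
gen_rules() {
    wan=$1 lan=$2 port=$3
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ] || [ "$port" -eq 22 ]; then
        echo "external port must be 1-65535 and not 22" >&2; return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i $wan -p tcp -m tcp --dport $port -j ACCEPT
COMMIT
EOF
}

# Read a ruleset (iptables-save format) on stdin. Succeeds only if INPUT
# defaults to DROP and no tcp/22 ACCEPT rule applies to the WAN interface,
# either by naming it or by naming no input interface at all.
wan_ssh22_closed() {
    wan=$1
    awk -v wan="$wan" '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / && / --dport 22 / && / -j ACCEPT/ {
            if ($0 !~ / -i / || $0 ~ (" -i " wan " ")) open = 1
        }
        END { exit !(policy == "DROP" && !open) }'
}

# Usage (as root; FORWARD stays closed, so add forwarding rules if this
# host also routes for the LAN):
#   gen_rules ppp0 eth0 1234 | iptables-restore
#   iptables-save -t filter | wan_ssh22_closed ppp0 && echo "22 closed on WAN"
```

The local check only reads the ruleset; the nmap scan from outside the network suggested above is still what confirms what the internet actually sees.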