IP checking of hosts on a forwarded private network




On a Debian network, I've set up iptables forwarding into a private
network, using this sort of thing:

iptables -t nat -A PREROUTING -p tcp -d 163.57.143.178 --dport 9000 -j
DNAT --to 192.168.0.1:22

The three machines on the private network each get assigned their own
port on the gateway:

ssh 163.57.143.178 -p 9001

gets me to the elusive 192.168.0.2 and so on. This works great, except for
openssh's host ip checking. As far as openssh is concerned, all four
machines are the same machine, with four different RSA keys.

On SSH2, known_hosts stores host:port. Is something equivalent available
in openssh? Workarounds?

Cheers,
Dave