Re: IP checking of hosts on a forwarded private network



On Fri, 29 Jun 2007, David Liontooth wrote:


On a Debian network, I've set up iptables forwarding into a private
network, using this sort of thing:

iptables -t nat -A PREROUTING -p tcp -d 163.57.143.178 --dport 9000 -j DNAT --to 192.168.0.1:22

The three machines on the private network each get assigned their own
port on the gateway:

ssh 163.57.143.178 -p 9001

gets me to the elusive 192.168.0.2 and so on. This works great, except for
openssh's host ip checking. As far as openssh is concerned, all four
machines are the same machine, with four different RSA keys.

On SSH2, known_hosts stores host:port. Is something equivalent available
in openssh? Workarounds?

Never mind, I found the answer in the archives --

Host port22
    HostName 1.2.3.4
    Port 22
    HostKeyAlias port22

Host port2022
    HostName 1.2.3.4
    Port 2022
    HostKeyAlias port2022

Works!

Dave
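
Added example, not part of the original message: a shell function that generates per-port stanzas of the kind shown above from a list of forwarded ports, and refuses a reused alias or port so that two inner machines never share one known_hosts name. The gateway address and ports 9000 and 9001 are from the post; the alias names inner1 to inner3 and port 9002 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Reads "name port" pairs on
# stdin and prints one ssh_config stanza per forwarded port, each with its
# own HostKeyAlias so known_hosts keeps a separate entry per inner machine.

gen_stanzas() {
    gateway=$1          # public address that carries the DNAT rules
    seen_names=" "
    seen_ports=" "
    while read -r name port; do
        # Skip blank lines and comments in the map.
        case $name in ''|'#'*) continue ;; esac
        # The port must be a plain number in 1..65535.
        case $port in ''|*[!0-9]*) echo "bad port for $name" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range for $name" >&2; return 1
        fi
        # A reused alias would file two different host keys under one
        # known_hosts name, which is the mismatch the alias is meant to avoid.
        case $seen_names in *" $name "*) echo "duplicate alias $name" >&2; return 1 ;; esac
        case $seen_ports in *" $port "*) echo "duplicate port $port" >&2; return 1 ;; esac
        seen_names="$seen_names$name "
        seen_ports="$seen_ports$port "
        printf 'Host %s\n    HostName %s\n    Port %s\n    HostKeyAlias %s\n\n' \
            "$name" "$gateway" "$port" "$name"
    done
}

# Constructed map: the alias names and port 9002 are assumptions.
sample_map() {
    cat <<'EOF'
# name port
inner1 9000
inner2 9001
inner3 9002
EOF
}

sample_map | gen_stanzas 163.57.143.178
```

Appending the output to ~/.ssh/config lets "ssh inner2" reach the gateway on port 9001 while the host key is checked under the name inner2.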


