Re: iptables: forwarding port to another machine
From:Date: 07/16/02
- In reply to: Mike Martin: "iptables: forwarding port to another machine"
Date: Tue, 16 Jul 2002 18:34:29 +0200
Mike Martin wrote:
>
> (I understand this isn't quite security ... but you guys know iptables
> best)
>
> I have two machines I would like to be able to ssh into from the internet.
> The first has two NICs and is the gateway to the internet; eth0 connects
> to the internet, eth1 to my LAN. The second machine is located on the
> LAN with a static ip address.
>
> SSH is set up and working properly on both machines from the LAN and on
> the gateway machine you can ssh in from the internet.
>
> What I would like is to add to my iptables firewall some rules that would
> forward packets sent to a designated (non-standard) ssh port on the
> gateway, to the internal machine's port 22.
>
> Basically if you ssh to the gateway I want to get a shell on the gateway.
> If I ssh to a designated alternate port on the gateway, I want to get a
> shell on the internal machine. I'm guessing this can be done fairly easily
> with REDIRECT, but my attempts have failed. Can anyone help?
You should not use REDIRECT. What you need to use is DNAT. Something like:
-A PREROUTING -p tcp -m tcp --dport 54321 -j DNAT --to-destination 192.168.42.42:22
-- 
Kasper Dupont -- who spends too much time on usenet.
For sending spam use mailto:razrep@daimi.au.dk or mailto:mcxumhvenwblvtl@skrammel.yaboo.dk
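
The DNAT rule in the reply only rewrites the destination; the gateway must also have IP forwarding enabled and its FORWARD chain must admit the rewritten connection. The sketch below is an added example, not part of the original message: it generates the nat rule together with matching FORWARD rules, restricted to the internet-facing interface. `gen_forward_rules` and its validators are hypothetical helper names, and the stateful FORWARD rules are an assumption about how the gateway's filter table is organized.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that forwards one TCP
# port on the gateway to an internal host. eth0/eth1 roles are from the
# question; 54321 and 192.168.42.42:22 are the sample values in the reply.

valid_port() {   # decimal integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # four dot-separated decimal octets, each 0..255
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_forward_rules EXT_IF LISTEN_PORT DEST_IP DEST_PORT  (hypothetical helper)
gen_forward_rules() {
    ext_if=$1 listen_port=$2 dest_ip=$3 dest_port=$4
    # Reject anything that could smuggle extra options into the rule file.
    case "$ext_if" in ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_port "$listen_port" && valid_port "$dest_port" && valid_ipv4 "$dest_ip" ||
        { echo "bad port or address" >&2; return 1; }
    cat <<EOF
*nat
-A PREROUTING -i $ext_if -p tcp -m tcp --dport $listen_port -j DNAT --to-destination $dest_ip:$dest_port
COMMIT
*filter
# FORWARD sees the packet after DNAT, so match the internal address and port.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $ext_if -d $dest_ip -p tcp -m tcp --dport $dest_port -m state --state NEW -j ACCEPT
COMMIT
EOF
}

gen_forward_rules eth0 54321 192.168.42.42 22
```

Load the output with `iptables-restore --noflush` so existing rules are kept, and check that `net.ipv4.ip_forward` is set to 1 on the gateway.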