Re: (Q) Coming in through a firewall

From: /dev/rob0 (rob0@gmx.co.uk)
Date: 11/07/02


From: /dev/rob0 <rob0@gmx.co.uk>
Date: Wed, 6 Nov 2002 17:01:56 -0800

In article <aqbce3$2bsq$1@boole.maths.tcd.ie>, Timothy Murphy wrote:
> $IPTABLES -p tcp -A FORWARD -i $EXTIF -o $INTIF --dport 22 -j ACCEPT

You have defined EXTIF and INTIF in the script, correct? Anyway, what I
think is the problem here is that you're using FORWARD rather than INPUT
chain. Of course other rules you have, and the order thereof, might void
the warranty on this answer. :)

I have such a rule in a chain which is called in both INPUT and FORWARD.
I don't think the FORWARD rule is strictly necessary, but then again, my
understanding of iptables is not very good.

Is this sshd running on the firewall box itself, or are you wanting to
do port forwarding to an internal server? If the latter, you also need a
DNAT rule like this:
  $IPT -A PREROUTING -t nat -p tcp -i $EXTIF --dport 22 -j DNAT \
    --to $FWDHOST:22
(of course you need to define FWDHOST too. :)

-- 
  /dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
  or put "not-spam" or "/dev/rob0" in Subject header to reply
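The two cases rob0 distinguishes (sshd on the firewall box itself versus a DNAT port-forward to an internal host) are easy to get mixed up, so here is an added example that is not part of the original thread: a small POSIX shell function that prints the iptables rules for each case instead of applying them, so they can be reviewed before they go into a firewall script. It assumes the variable names used in the thread (EXTIF, INTIF, FWDHOST) and the hypothetical function name `ssh_rules`; the interface names and address in the usage call are constructed sample values.

```shell
#!/bin/sh
# Added example, not code from the original post. Prints the iptables
# rules for the two cases in the thread; nothing is applied to the kernel.
# Variable names (EXTIF, INTIF, FWDHOST) follow the thread by assumption.

# ssh_rules MODE EXTIF INTIF FWDHOST
#   MODE=local   : sshd runs on the firewall box itself  -> INPUT chain
#   MODE=forward : sshd runs on FWDHOST behind the box    -> DNAT + FORWARD
ssh_rules() {
    mode=$1; extif=$2; intif=$3; fwdhost=$4
    case "$mode" in
        local)
            # A packet addressed to the firewall itself goes
            # PREROUTING -> INPUT and never traverses FORWARD, so a
            # FORWARD rule alone does nothing for a local sshd.
            echo "iptables -A INPUT -i $extif -p tcp --dport 22 -j ACCEPT"
            ;;
        forward)
            [ -n "$fwdhost" ] || { echo "ssh_rules: FWDHOST not set" >&2; return 1; }
            # 1. Rewrite the destination in nat/PREROUTING, before routing.
            echo "iptables -t nat -A PREROUTING -i $extif -p tcp --dport 22 -j DNAT --to-destination $fwdhost:22"
            # 2. After DNAT the packet is routed out $intif and hits FORWARD,
            #    so it must be accepted there too (the rule quoted in the post).
            echo "iptables -A FORWARD -i $extif -o $intif -p tcp -d $fwdhost --dport 22 -j ACCEPT"
            ;;
        *)
            echo "ssh_rules: mode must be local or forward" >&2
            return 1
            ;;
    esac
}

# Assumption: the rest of the firewall script already carries a conntrack
# rule such as
#   iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# so replies from $fwdhost are allowed without a second explicit rule.

# Sample invocation with constructed values (eth0 outside, eth1 inside).
ssh_rules forward eth0 eth1 192.168.1.10
```

Running it prints the DNAT rule followed by the matching FORWARD rule; `ssh_rules local eth0 eth1` prints only the INPUT rule, and a forward request with an empty FWDHOST fails rather than emitting a DNAT rule with a blank target.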
