forwarding ssh requests
David A. Sinck
plug-discuss@lists.plug.phoenix.az.us
Tue, 20 May 2003 13:00:53 -0700
\_ SMTP quoth Liberty Young on 5/20/2003 12:49 as having spake thusly:
\_
\_ This:
\_ /sbin/iptables -t nat -A PREROUTING -p tcp -m tcp --dport 3022 \
\_ -j DNAT --to-destination 192.168.0.10:22
\_ doesn't work for me.
\_
\_ Here's what I have right now:
\_ [root@athena init.d]# iptables -L
\_ Chain INPUT (policy ACCEPT)
\_ target prot opt source destination
\_ ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
\_ ACCEPT tcp -- anywhere anywhere tcp dpt:auth
\_ ACCEPT tcp -- anywhere anywhere tcp dpt:3022
\_
\_ Chain FORWARD (policy ACCEPT)
\_ target prot opt source destination
\_ ACCEPT all -- anywhere anywhere state
\_ RELATED,ESTABLISHED
\_ DROP all -- anywhere anywhere state
\_ INVALID,NEW
You're going to have to allow new inbound packets on your forward
chain for the relevant ports. Probably
/sbin/iptables -I FORWARD -p tcp --dport 22 -j ACCEPT
otherwise, it's a real short trip.
I'd probably also be inclined to change the policy on several of your
chains to DROP, but that's just me.
\_ ACCEPT all -- anywhere anywhere
\_ LOG all -- anywhere anywhere LOG level
\_ warning
\_
\_ [...]
YMMV.
David
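
An added example, not part of the original message or the poster's own rules: a small Python model of first-match evaluation over the FORWARD chain listed above. It shows that FORWARD sees the packet after the nat PREROUTING DNAT has rewritten its destination, so an inserted accept rule has to match 192.168.0.10 port 22. The external address 203.0.113.1, the 192.168.0.11 host and all function names are constructed; the non-terminating LOG rule and the elided "[...]" rules are not modeled.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int
    state: str  # conntrack state as the filter table sees it

def prerouting_dnat(pkt):
    # nat/PREROUTING rule from the thread: --dport 3022 -> 192.168.0.10:22
    if pkt.dport == 3022:
        return replace(pkt, dst="192.168.0.10", dport=22)
    return pkt

# FORWARD chain as listed in the thread, in order: (match, target)
BASE_FORWARD = [
    (lambda p: p.state in ("RELATED", "ESTABLISHED"), "ACCEPT"),
    (lambda p: p.state in ("INVALID", "NEW"), "DROP"),
    (lambda p: True, "ACCEPT"),
]

def forward_verdict(chain, pkt, policy="ACCEPT"):
    # iptables semantics: the first matching terminating rule decides
    for match, target in chain:
        if match(pkt):
            return target
    return policy

def verdict(inserted_rule, pkt):
    # "iptables -I FORWARD ..." puts the new rule at the top of the chain;
    # the packet reaches FORWARD only after PREROUTING has translated it
    chain = ([inserted_rule] if inserted_rule else []) + BASE_FORWARD
    return forward_verdict(chain, prerouting_dnat(pkt))

# Candidate rules to insert (both hypothetical, for comparison)
BY_ORIGINAL_PORT = (lambda p: p.dport == 3022, "ACCEPT")
BY_TRANSLATED = (lambda p: p.dst == "192.168.0.10" and p.dport == 22, "ACCEPT")

# Constructed sample: first SYN of an inbound connection to the firewall
SYN = Packet(dst="203.0.113.1", dport=3022, state="NEW")

if __name__ == "__main__":
    print("no extra rule      :", verdict(None, SYN))
    print("match --dport 3022 :", verdict(BY_ORIGINAL_PORT, SYN))
    print("match -d .10 --dport 22:", verdict(BY_TRANSLATED, SYN))
```

Scoping the inserted rule to the translated address as well as the port keeps NEW connections to other internal hosts on port 22 subject to the DROP rule.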