Re: Can't get DNAT to port forward SSH
On Tue, Jul 03, 2001 at 02:39:22AM -0500, S . Salman Ahmed wrote:
> $IPTABLES -t nat -A PREROUTING\
> -i eth0 -s <SomeIPAddress>\
> -p tcp -d <CableISPassignedIPaddress>\
> --dport 22 -j DNAT --to 192.168.1.2
That looks fine.
> $IPTABLES -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
Only looked at your rule set briefly but I think that is the line that
is killing you. You will need a line to specifically forward tcp
blabla.. (basically matching your DNAT rule) to your internal address.
P.S. Your configuration appears to be of the "default accept" nature,
rather than "default drop." I would recommend a complete re-write to
drop and log by default, and then write rules to allow just those things
you need. :) But hopefully the above answers your actual question.
--
Jim B.
vader@conflict.net
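For anyone hitting this thread later, here is the fix Jim describes written out as a script. This is an added example, not code from the thread or from either poster: it keeps the original DNAT rule, adds the FORWARD rule that matches it (placed BEFORE the NEW,INVALID drop line), and lays the FORWARD chain out default-drop with logging as suggested. The interface eth1, the public address 203.0.113.10 and the remote source 198.51.100.7 are assumptions (documentation ranges); 192.168.1.2 is the internal host from the thread. Setting IPTABLES=echo previews the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not code from the thread: the poster's DNAT rule plus the
# FORWARD rules it needs, laid out default-drop with logging as Jim suggests.
# Interface eth1 and the public/remote addresses below are assumptions
# (documentation ranges); 192.168.1.2 is the internal host from the thread.
IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo to preview instead of apply
WAN_IF=eth0                         # as in the thread
LAN_IF=eth1                         # assumed internal interface
WAN_IP=203.0.113.10                 # assumed: the ISP-assigned public address
ALLOWED_SRC=198.51.100.7            # assumed: the one remote host allowed in
SSH_HOST=192.168.1.2                # internal SSH server from the thread

# Start from a clean, default-drop FORWARD chain (the "complete re-write").
default_drop_policy() {
    $IPTABLES -F FORWARD
    $IPTABLES -t nat -F PREROUTING
    $IPTABLES -P FORWARD DROP
}

forward_ssh_rules() {
    # 1. Rewrite the destination before the routing decision. With no port
    #    given in --to-destination, the original port (22) is kept.
    $IPTABLES -t nat -A PREROUTING -i "$WAN_IF" -s "$ALLOWED_SRC" \
        -p tcp -d "$WAN_IP" --dport 22 -j DNAT --to-destination "$SSH_HOST"

    # 2. The packet then enters filter/FORWARD with its REWRITTEN
    #    destination, so the accept rule must match 192.168.1.2:22 (not the
    #    public address) and must sit before any rule dropping NEW from eth0.
    $IPTABLES -A FORWARD -i "$WAN_IF" -s "$ALLOWED_SRC" \
        -p tcp -d "$SSH_HOST" --dport 22 -m state --state NEW -j ACCEPT

    # 3. Return traffic and later packets of accepted flows, both directions
    #    (conntrack un-DNATs the replies on the way out).
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 4. Let the LAN open new connections outward.
    $IPTABLES -A FORWARD -i "$LAN_IF" -m state --state NEW -j ACCEPT

    # 5. Log (rate-limited) what is about to be dropped, then the poster's
    #    own drop line as the explicit catch-all for the WAN side.
    $IPTABLES -A FORWARD -i "$WAN_IF" -m state --state NEW,INVALID \
        -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
    $IPTABLES -A FORWARD -i "$WAN_IF" -m state --state NEW,INVALID -j DROP
}

# Usage: sh dnat-ssh.sh preview   (prints the rules via echo)
#        sh dnat-ssh.sh apply     (as root, loads them)
case "${1:-}" in
    preview) IPTABLES=echo; default_drop_policy; forward_ssh_rules ;;
    apply)   default_drop_policy; forward_ssh_rules ;;
esac
```

Two things the script deliberately leaves alone: the INPUT/OUTPUT chains and whatever SNAT/MASQUERADE rule the poster already has in nat/POSTROUTING for the LAN's outbound traffic. The important point for the original problem is only the ordering in FORWARD: the ACCEPT for 192.168.1.2 port 22 has to come before the NEW,INVALID drop, because with -A each rule is appended and the first match wins.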