
Re: Can't get DNAT to port forward SSH
>>>>> "JB" == Jim Breton <vader@conflict.net> writes:
    JB>  Nope, you still have to explicitly allow the packets to be
    JB> forwarded.
    JB> 

Still no go. I added the following rules to my earlier firewall setup:

# Rewrite the destination of SSH connections arriving on eth0 from
# SomeIpAddress for MyIpAddress so they go to the internal host instead
iptables -t nat -A PREROUTING -i eth0 -s SomeIpAddress \
	 -p tcp -d MyIpAddress --dport 22 \
	 -j DNAT --to 192.168.1.2   

# Let the (already rewritten) connections through the FORWARD chain
iptables -A FORWARD -i eth0 -s SomeIpAddress \
	 -p tcp --dport 22 -j ACCEPT


I also tried the above two rules using port 1111 instead of the standard
SSH port 22 for the --dport arg (and on the other end I did specify port
1111 to the ssh client):

# Same as above, but accept the connection on external port 1111 and
# rewrite it to port 22 on the internal host
iptables -t nat -A PREROUTING -i eth0 -s SomeIpAddress \
	 -p tcp -d MyIpAddress --dport 1111 \
	 -j DNAT --to 192.168.1.2:22

# FORWARD sees the packet after DNAT, so it matches on port 22, not 1111
iptables -A FORWARD -i eth0 -s SomeIpAddress \
	 -p tcp --dport 22 -j ACCEPT

but still got the same results.

I'll take another look at this tomorrow, and see if changing the default
policy to ACCEPT on all chains makes any difference.

Thanks.

-- 
Salman Ahmed
ssahmed AT pathcom DOT com
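As an added example, not part of the original message or of anything the poster ran: below is the set of rules a DNAT port forward of inbound SSH normally needs on a Linux gateway (IP forwarding enabled, the PREROUTING DNAT, a FORWARD accept for the new connection, and a FORWARD accept for the reply packets), together with a small checker that reports which of those pieces a pasted ruleset lacks. It reuses the placeholder names from the post (eth0, MyIpAddress, SomeIpAddress, 192.168.1.2); the function names dnat_ssh_rules and check_dnat_ruleset are hypothetical. The thread does not show the "earlier firewall setup", so whether that setup already covers the missing pieces cannot be told from the page.

```shell
#!/bin/sh
# Added example (not from the original post): the rules an inbound-SSH DNAT
# port forward normally needs, and a checker for a pasted ruleset.
# Assumptions: external interface eth0, external address MyIpAddress,
# allowed client SomeIpAddress, internal SSH host 192.168.1.2 (from the post).

EXT_IF=eth0
EXT_IP=MyIpAddress      # placeholder from the post; use the real address
CLIENT=SomeIpAddress    # placeholder from the post; use the real address
TARGET=192.168.1.2

# Emit the rules as commands instead of applying them, so this runs without
# root; on the gateway, pipe the output to sh to apply.
# $1 = external port to expose (22, or e.g. 1111 as in the second attempt).
dnat_ssh_rules() {
    ext_port=${1:-22}
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $EXT_IF -s $CLIENT -p tcp -d $EXT_IP --dport $ext_port -j DNAT --to-destination $TARGET:22
iptables -A FORWARD -i $EXT_IF -s $CLIENT -p tcp -d $TARGET --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Read a ruleset (one command per line) from stdin and print one
# "missing: <pattern>" line for each required piece that is absent.
# Exit status is the number of missing pieces, so 0 means complete.
check_dnat_ruleset() {
    rules=$(cat)
    missing=0
    for pattern in \
        'ip_forward=1' \
        '-t nat -A PREROUTING .*-j DNAT' \
        '-A FORWARD .*--dport 22 .*-j ACCEPT' \
        '-A FORWARD .*ESTABLISHED,RELATED .*-j ACCEPT'
    do
        if ! printf '%s\n' "$rules" | grep -Eq -- "$pattern"; then
            echo "missing: $pattern"
            missing=$((missing + 1))
        fi
    done
    return $missing
}

# Usage:  sh this.sh print 1111 | sh        (apply on the gateway, as root)
#         iptables-save | sh this.sh check   (report missing pieces)
case "${1:-}" in
    print) dnat_ssh_rules "${2:-22}" ;;
    check) check_dnat_ruleset ;;
esac
```

Two details the checker encodes are easy to miss: the FORWARD chain sees the packet after PREROUTING has rewritten it, so the accept rule matches on port 22 and 192.168.1.2 even when the external port is 1111, and with a DROP policy on FORWARD the SSH server's replies are dropped unless an ESTABLISHED,RELATED rule (or an explicit rule for the return direction) lets them back out. The external address must also be the one the DNAT rule names, otherwise the rule simply never matches.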
