Re: Can't get DNAT to port forward SSH
>>>>> "JB" == Jim Breton <vader@conflict.net> writes:
JB> Nope, you still have to explicitly allow the packets to be
JB> forwarded.
JB>
Still no go. I added the following rules to my earlier firewall setup:
iptables -t nat -A PREROUTING -i eth0 -s SomeIpAddress \
-p tcp -d MyIpAddress --dport 22 \
-j DNAT --to 192.168.1.2
iptables -A FORWARD -i eth0 -s SomeIpAddress \
-p tcp --dport 22 -j ACCEPT
I also tried the above two rules using port 1111 instead of the standard
SSH port 22 for the --dport arg (and on the other end I did specify port
1111 to the ssh client):
iptables -t nat -A PREROUTING -i eth0 -s SomeIpAddress \
-p tcp -d MyIpAddress --dport 1111 \
-j DNAT --to 192.168.1.2:22
iptables -A FORWARD -i eth0 -s SomeIpAddress \
-p tcp --dport 22 -j ACCEPT
but still got the same results.
I'll take another look at this tomorrow, and see if changing the default
policy to ACCEPT on all chains makes any difference.
Thanks.
--
Salman Ahmed
ssahmed AT pathcom DOT com
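A fuller version of the setup the post is trying to get working, as an added example that is not part of the original message: it supplies the pieces the two posted rules leave out (IP forwarding enabled, a FORWARD match on the post-DNAT destination, and a return path for established connections). The interface name, addresses and external port are placeholders; the only value taken from the post is the internal host 192.168.1.2.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed placeholder values:
# WAN_IF, EXT_IP, ALLOWED_SRC, EXT_PORT. Run as root, or set DRY_RUN=1 to
# print the commands instead of executing them.

WAN_IF="${WAN_IF:-eth0}"
EXT_IP="${EXT_IP:-203.0.113.10}"            # placeholder public address
INT_HOST="${INT_HOST:-192.168.1.2}"         # internal SSH server from the post
ALLOWED_SRC="${ALLOWED_SRC:-198.51.100.5}"  # placeholder for SomeIpAddress
EXT_PORT="${EXT_PORT:-1111}"                # external port, rewritten to 22

# Execute a command, or echo it when DRY_RUN=1 so the rule set can be inspected.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

forward_ssh_rules() {
    # 1. DNAT only rewrites addresses; the kernel still has to route between
    #    interfaces, which is off by default.
    run sysctl -w net.ipv4.ip_forward=1
    # 2. Rewrite the destination before the routing decision (the posted rule).
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -s "$ALLOWED_SRC" \
        -p tcp -d "$EXT_IP" --dport "$EXT_PORT" -j DNAT --to-destination "$INT_HOST:22"
    # 3. FORWARD sees the packet after DNAT, so its destination is INT_HOST:22.
    #    Matching on -d keeps the hole limited to one host and one service.
    run iptables -A FORWARD -i "$WAN_IF" -s "$ALLOWED_SRC" -d "$INT_HOST" \
        -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    # 4. Replies from the server also traverse FORWARD; with a DROP policy they
    #    are silently lost unless established traffic is accepted.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# What a live box actually has installed; compare against the rules above.
show_state() {
    run sysctl net.ipv4.ip_forward
    run iptables -t nat -L PREROUTING -n -v
    run iptables -L FORWARD -n -v
}

if [ "${DRY_RUN:-0}" = 1 ]; then forward_ssh_rules; fi
```

With the rules in place, a connection that still fails usually shows up in the packet counters of `show_state` as a rule that never matched, which points at the chain where the traffic is being dropped.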