On Mon, Dec 10, 2001 at 10:21:57AM -0500, Joe Ellis wrote:
> i'm having a problem ssh'ing to an internal box from the external device.
>
> this doesn't seem to work:
> iptables -t nat -I PREROUTING -d $ip -p tcp --dport 2222 -j DNAT --to 10.1.1.1:22

That looks OK to me.

> i figured that alone will work because i run this for vnc and it works
> perfectly:
> iptables -t nat -A PREROUTING -p tcp -i eth0 -d $ip --dport 5900 -j DNAT --to-destination 10.254.0.10
> iptables -t nat -A PREROUTING -p tcp -i eth0 -d $ip --dport 5800 -j DNAT --to-destination 10.254.0.10
>
> when i run the first one for forwarding $ip:2222 to 10.1.1.1:22 it fails
> at the forward chain. so i did the following just to be safe:
> iptables -I FORWARD -j ACCEPT

Perhaps you could insert a LOG rule in the FORWARD chain to ensure the packets are getting there and confirm what they look like there (dest IP and dest port etc.).

HTH.

Mark.
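The LOG-rule check suggested in the reply, as an added example that is not part of the original message: it prints a LOG rule to place ahead of the blanket ACCEPT, then reads the resulting kernel log lines and reports whether the forwarded packet carries the destination expected after DNAT. The `FWD-SSH: ` prefix, the function names, the source address and the sample log line are constructed for illustration, and eth0 is assumed to be the external interface.

```shell
#!/bin/sh
# Added example; the log prefix, addresses and log lines are constructed.

# Print (not run) a LOG rule that goes ahead of the blanket ACCEPT in FORWARD.
# eth0 is assumed to be the external interface, as in the VNC rules quoted above.
forward_log_rule() {
    printf '%s\n' 'iptables -I FORWARD 1 -i eth0 -p tcp --syn -j LOG --log-prefix "FWD-SSH: "'
}

# Constructed kernel log line in the format the LOG target writes.
sample_log() {
    cat <<'EOF'
Dec 10 10:30:01 gw kernel: FWD-SSH: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=10.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Read log lines on stdin; $1 and $2 are the host and port expected after DNAT.
check_forward_log() {
    awk -v host="$1" -v port="$2" '
        /FWD-SSH: / {
            seen = 1; dst = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DST=/) dst = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (dst == host && dpt == port) { ok = 1 } else { bad = dst ":" dpt }
        }
        END {
            # no-packets: nothing reached FORWARD at all
            # dnat-ok:    rewrite is as expected, so look past the FORWARD chain
            # unexpected: packet was forwarded, but towards another target
            if (!seen)   { print "no-packets" }
            else if (ok) { print "dnat-ok" }
            else         { print "unexpected " bad }
        }'
}

forward_log_rule
sample_log | check_forward_log 10.1.1.1 22
```

Because the DNAT happens in PREROUTING, a packet logged in FORWARD should already show the internal address and port 22 rather than `$ip` and 2222.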