
Re: iptables NAT



What about having multiple systems (with separate external IPs) behind
the firewall? There must be a way to do this without having to change the
ssh port on the firewall.

On Fri, 2002-09-27 at 17:32, Toni Janz wrote:
> * Sean McAvoy <sean.mcavoy@megawheels.com> Dated [09/27/02 15:03] wrote:
> > Hello,
> > I've got a system with 3 interfaces, LAN, DMZ, INET. Inet has an alias
> > for another external IP. I've got it so it is forwarding DNS requests to
> > the system on the DMZ, but when I try to ssh to it I get the firewall
> > box... any ideas?
> > 
> > iptables -t nat -A PREROUTING -p tcp --source-port 20 -d 207.61.160.164 --destination-port 1025:65535 -j DNAT --to-destination 192.168.9.10
> > iptables -t nat -A PREROUTING -p tcp -m multiport -d (EXTERNAL IP) --destination-ports 22,443,21,53,80,3495 -j DNAT --to-destination 192.168.9.10
> > iptables -t nat -A PREROUTING -p udp -d (EXTERNAL IP) --destination-port 53 -j DNAT --to-destination 192.168.9.10
> 
> run sshd on a different port on the firewall
> and nat standard requests
> 
> > 
> > 
> > -- 
> > Sean McAvoy
> > Network Analyst
> > Megawheels Technologies Inc.
> > Phone: 416.360.8211
> > Fax:   416.360.1403
> > Cell:  416.616.6599
> 
> 
> --
> Toni Janz
