Re: iptables NAT

To: debian-firewall@lists.debian.org
Subject: Re: iptables NAT
From: Davy Gigan <davy@info.unicaen.fr>
Date: Tue, 1 Oct 2002 17:28:33 +0200
Message-id: <[🔎] 20021001172833.61c9333e.davy@info.unicaen.fr>
In-reply-to: <1033160286.28379.16.camel@smlinux.drive-megawheels.com>
References: <1033160286.28379.16.camel@smlinux.drive-megawheels.com>

On 27 Sep 2002 16:58:05 -0400
"Sean McAvoy" <sean.mcavoy@megawheels.com> wrote:

> Hello,
> I've got a system with 3 interfaces, LAN, DMZ, INET. Inet has an alias
> for another external IP. I've got it so it is forwarding DNS requests to
> the system on the DMZ, but when I try to ssh to it I get the firewall
> box... any ideas?

Have you tried telneting open ports for (EXTERNAL IP). while
doing this, have a look at /proc/net/ip_conntrack to see what's
happening. Are you trying ssh <ip> or ssh <host>, maybye a dns
record error ?

> iptables -t nat -A PREROUTING  -p tcp  --source-port 20  -d
> 207.61.160.164 --destination-port 1025:65535 -j DNAT --to-destination
> 192.168.9.10
> iptables -t nat -A PREROUTING  -p tcp -m multiport   -d (EXTERNAL IP)
> --destination-ports 22,443,21,53,80,3495 -j DNAT --to-destination
> 192.168.9.10
> iptables -t nat -A PREROUTING  -p udp   -d (EXTERNAL IP)
> --destination-port 53 -j DNAT --to-destination 192.168.9.10

-- 
Davy Gigan
System & Network Administration      [Please no HTML, I'm not a browser]
University Of Caen (France)   [Pas d'HTML, je ne suis pas un navigateur]

Reply to:

Follow-Ups:
- Re: iptables NAT
  - From: Elliot F <elliotf@gratuitous.net>

Prev by Date: Re: dhcp server subnetting
Next by Date: Re: dhcp server subnetting
Previous by thread: Re: dhcp server subnetting
Next by thread: Re: iptables NAT
Index(es):
- Date
- Thread