
Re: iptables NAT



Make sure you aren't running services on whatever ports you are trying to forward.

If you want to forward ssh, make sure the firewall itself isn't running ssh on that IP.

E

On Tue, 1 Oct 2002 17:28:33 +0200
Davy Gigan <davy@info.unicaen.fr> wrote:

> On 27 Sep 2002 16:58:05 -0400
> "Sean McAvoy" <sean.mcavoy@megawheels.com> wrote:
> 
> > Hello,
> > I've got a system with 3 interfaces, LAN, DMZ, INET. Inet has an alias
> > for another external IP. I've got it so it is forwarding DNS requests to
> > the system on the DMZ, but when I try to ssh to it I get the firewall
> > box... any ideas?
> 
> Have you tried telnetting to the open ports for (EXTERNAL IP)? While
> doing this, have a look at /proc/net/ip_conntrack to see what's
> happening. Are you trying ssh <ip> or ssh <host>? Maybe a DNS
> record error?
> 
> > iptables -t nat -A PREROUTING -p tcp --source-port 20 -d 207.61.160.164 \
> >     --destination-port 1025:65535 -j DNAT --to-destination 192.168.9.10
> > iptables -t nat -A PREROUTING -p tcp -m multiport -d (EXTERNAL IP) \
> >     --destination-ports 22,443,21,53,80,3495 -j DNAT --to-destination 192.168.9.10
> > iptables -t nat -A PREROUTING -p udp -d (EXTERNAL IP) \
> >     --destination-port 53 -j DNAT --to-destination 192.168.9.10
> 
> -- 
> Davy Gigan
> System & Network Administration      [Please no HTML, I'm not a browser]
> University Of Caen (France)   [Pas d'HTML, je ne suis pas un navigateur]
> 
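The /proc/net/ip_conntrack check suggested in the quoted reply can be scripted; this is an added example, not part of the thread. It assumes the 2.4-era ip_conntrack line layout (original tuple followed by reply tuple), uses 198.51.100.10 as a stand-in for (EXTERNAL IP), and runs on constructed sample lines that mirror the reported symptom (DNS translated, ssh answered by the firewall).

```shell
#!/bin/sh
# dnat_check EXT_IP PORT < conntrack-lines
# For each tracked flow whose ORIGINAL destination is EXT_IP:PORT, print
#   <proto> <client> DNAT <server>   reply tuple comes from another host
#   <proto> <client> LOCAL           the firewall itself is answering
dnat_check() {
    awk -v ip="$1" -v port="$2" '
    {
        n = 0
        # Every entry holds two tuples: original direction, then reply.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)   { n++; src[n] = substr($i, 5) }
            if ($i ~ /^dst=/)   { dst[n] = substr($i, 5) }
            if ($i ~ /^dport=/) { dport[n] = substr($i, 7) }
        }
        if (n < 2 || dst[1] != ip || dport[1] != port) next
        # Without DNAT the reply source is the address the client dialled.
        if (src[2] == dst[1]) print $1, src[1], "LOCAL"
        else                  print $1, src[1], "DNAT", src[2]
    }'
}

# Constructed sample entries (not captured from a real system).
sample_conntrack() {
    cat <<'EOF'
tcp      6 431990 ESTABLISHED src=203.0.113.5 dst=198.51.100.10 sport=40001 dport=22 src=198.51.100.10 dst=203.0.113.5 sport=22 dport=40001 [ASSURED] use=1
udp      17 25 src=203.0.113.5 dst=198.51.100.10 sport=40002 dport=53 src=192.168.9.10 dst=203.0.113.5 sport=53 dport=40002 use=1
tcp      6 431995 ESTABLISHED src=203.0.113.7 dst=198.51.100.10 sport=40003 dport=22 src=192.168.9.10 dst=203.0.113.7 sport=22 dport=40003 [ASSURED] use=1
EOF
}

# On the firewall itself: dnat_check <external ip> 22 < /proc/net/ip_conntrack
sample_conntrack | dnat_check 198.51.100.10 22
```

A LOCAL line for port 22 means the packet never matched the DNAT rule, so the rule's match criteria (destination address, protocol, port list) are the place to look.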


