Well, it turned out to be my own silly mistake. I didn't enable
"CONFIG_IP_NF_MATCH_MULTIPORT" in the kernel, which allows multiple ports
to be specified in a single rule. And since I disabled module support, I
gots to compile a new kernel and reboot. So much for uptime. Thanks to
those who helped.

On Fri, 2002-09-27 at 16:58, Sean McAvoy wrote:
> Hello,
> I've got a system with 3 interfaces, LAN, DMZ, INET. Inet has an alias
> for another external IP. I've got it so it is forwarding DNS requests to
> the system on the DMZ, but when I try to ssh to it I get the firewall
> box... any ideas?
>
> iptables -t nat -A PREROUTING -p tcp --source-port 20 -d
> 207.61.160.164 --destination-port 1025:65535 -j DNAT --to-destination
> 192.168.9.10
> iptables -t nat -A PREROUTING -p tcp -m multiport -d (EXTERNAL IP)
> --destination-ports 22,443,21,53,80,3495 -j DNAT --to-destination
> 192.168.9.10
> iptables -t nat -A PREROUTING -p udp -d (EXTERNAL IP)
> --destination-port 53 -j DNAT --to-destination 192.168.9.10
>
>
> --
> Sean McAvoy
> Network Analyst
> Megawheels Technologies Inc.
> Phone: 416.360.8211
> Fax: 416.360.1403
> Cell: 416.616.6599

--
Sean McAvoy
Network Analyst
Megawheels Technologies Inc.
Phone: 416.360.8211
Fax: 416.360.1403
Cell: 416.616.6599
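Added example, not part of the original message: a shell sketch that reads a kernel config, reports what is needed before "-m multiport" rules will load, and prints equivalent single-port DNAT rules that need no multiport match. The function names, the sample config and the address 203.0.113.10 (standing in for "(EXTERNAL IP)") are constructed for illustration.

```shell
# Constructed sample of a kernel .config like the one described in the post:
# module support off and the multiport match not selected.
SAMPLE_CONFIG='# CONFIG_MODULES is not set
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_MULTIPORT is not set
CONFIG_IP_NF_NAT=y'

# kconfig_state SYMBOL: read a kernel config on stdin; print y, m, or n
# (n covers both "# SYMBOL is not set" and a symbol that is absent).
kconfig_state() {
    state=$(sed -n "s/^$1=\([ym]\)\$/\1/p" | head -n 1)
    echo "${state:-n}"
}

# multiport_plan: read a kernel config on stdin and print what has to happen
# before "-m multiport" works: ready, load-module, build-module (modules are
# enabled, so no reboot) or rebuild-kernel (the case from the post).
multiport_plan() {
    cfg=$(cat)
    mp=$(printf '%s\n' "$cfg" | kconfig_state CONFIG_IP_NF_MATCH_MULTIPORT)
    mods=$(printf '%s\n' "$cfg" | kconfig_state CONFIG_MODULES)
    case "$mp:$mods" in
        y:*) echo ready ;;
        m:*) echo load-module ;;
        n:y) echo build-module ;;
        *)   echo rebuild-kernel ;;
    esac
}

# expand_dnat PROTO DEST PORTS TARGET: print one single-port DNAT rule per
# comma-separated port. Rules are only printed, never executed, and nothing
# is printed if any port is not a plain number.
expand_dnat() {
    rules=
    for port in $(echo "$3" | tr ',' ' '); do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        rules="${rules}iptables -t nat -A PREROUTING -p $1 -d $2 --destination-port $port -j DNAT --to-destination $4
"
    done
    printf '%s' "$rules"
}

# Demo on the constructed config: report the plan, then print the fallback rules.
plan=$(printf '%s\n' "$SAMPLE_CONFIG" | multiport_plan)
echo "multiport: $plan"
[ "$plan" = ready ] || expand_dnat tcp 203.0.113.10 22,443,21,53,80,3495 192.168.9.10
```

On a kernel that exposes its config as /proc/config.gz, `zcat /proc/config.gz | multiport_plan` checks the running kernel instead of the sample.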