
Re: iptables - dynamic ip - port forward ssh to internal box



Paul wrote:
> Ok, I'm resetting up my home network, and hence the
> reason for this letter :)
> 
> I have 2 linux boxes, and 2 windows boxes.  One linux
> box will be the firewall/gateway, internet on eth0 and
> internal lan on eth1.  What I'm looking for is basic
> suggestions on my script, and also needing to know how
> I can, let's say, have all external connections that try
> to connect to me on port 10022 be forwarded to
> 192.168.1.8:22, so that I can be able to ssh into both
> of my linux boxes, the firewall one, and an internal
> one.  I've had 0 luck with adding stuff into PREROUTING
> to get it working, after looking at many scripts.  I
> currently have rinetd running with it, which will
> allow me to connect via 10022 within my internal
> network and it does forward it correctly, but by doing
> an external connection to port 10022, it can't connect
> at all, and yes I did open port 10022 on my INPUT, the
> script below doesn't include that since I'm in testing
> phase, but I'd prefer to get it working w/o rinetd.

Well, to do this without rinetd, you probably want the following rules:
	$IPTABLES -t nat -A PREROUTING -i $EXTDEV -p tcp --dport 10022 \
		-j DNAT --to 192.168.1.8:22
	$IPTABLES -A FORWARD -i $EXTDEV -o $INTDEV -p tcp -d 192.168.1.8 \
		--dport 22 -j ACCEPT
Note that this will only work when testing from a machine outside your
firewall.

HTH,

Jason
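
Added example, not part of the original thread or of Jason's reply: the two rules above wrapped in a small POSIX sh function that validates its arguments and, by default, only prints the commands it would run. The helper names (run, valid_port, valid_ipv4, forward_port), the DRY_RUN variable and the interface defaults are assumptions for illustration; the third rule assumes the FORWARD policy is DROP and no general ESTABLISHED rule exists.

```shell
#!/bin/sh
# Added example (not from the original thread). Values below are constructed defaults.
IPTABLES=${IPTABLES:-iptables}
EXTDEV=${EXTDEV:-eth0}   # Internet-facing interface, as in the question
INTDEV=${INTDEV:-eth1}   # LAN interface, as in the question

# Print the command when DRY_RUN=1 (the default here), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_port EXT_PORT INT_IP INT_PORT
forward_port() {
    valid_port "$1" && valid_ipv4 "$2" && valid_port "$3" || {
        echo "usage: forward_port EXT_PORT INT_IP INT_PORT" >&2; return 1; }
    # Matching on -i rather than -d keeps the rule valid when the external
    # address changes; it is also why only outside clients hit it.
    run "$IPTABLES" -t nat -A PREROUTING -i "$EXTDEV" -p tcp --dport "$1" \
        -j DNAT --to-destination "$2:$3"
    # FORWARD (not INPUT) sees the packet after DNAT, so it matches the
    # rewritten address and port.
    run "$IPTABLES" -A FORWARD -i "$EXTDEV" -o "$INTDEV" -p tcp -d "$2" \
        --dport "$3" -j ACCEPT
    # Assumption: FORWARD policy is DROP, so replies need their own rule.
    run "$IPTABLES" -A FORWARD -i "$INTDEV" -o "$EXTDEV" -p tcp -s "$2" \
        --sport "$3" -m conntrack --ctstate ESTABLISHED -j ACCEPT
}
```

Calling forward_port 10022 192.168.1.8 22 prints the three commands for review; setting DRY_RUN=0 as root applies them.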


