
Re: inetd able to start programs on distant machines?



* Frank Brodbeck (oakenshield@gmx.net) [020805 09:24]:
> Maybe I should begin with the idea that's behind my question.
> 
> I want to give some persons access via ssh to a machine behind my
> firewall. Therefore I installed dns2go and run it from the $target_host.
> Naturally dns2go resolves the official IP of my firewall because it
> also has the function of my router and gateway (simply too few PCs at home).
> 
> My problem is now how to route externally incoming ssh traffic to 
> $target_host? As far as I understood ipchains (yes, a 2.2 kernel, and
> please don't tell me to change to 2.4 until it's not possible to solve the
> problem with 2.2) I can't use redirect for my problem, correct? 
> 
> Another solution seems to be NAT but I'm a completely blank sheet of
> paper to that. 

That's the way it's done with netfilter, the 2.4 kernel infrastructure.


You can run a simple socket redirector listening on a different port for
each internal service you wish to serve.  You're essentially running a
"man in the middle" so SSH will loudly complain each time that the host
keys don't match, but it will work.  Try installing the redir package
and reading its docs for starters.  It should do what you want.

Another option is to set up tunnels with ssh to do the redirecting.
That's not as clean a permanent solution as redir is, though, IMO.
(Mostly because it means you have to keep an ssh connection up
the whole time or the tunnels close, too.  Redir can just be run from
inetd when a connection is initiated.)

> #:OTHER: Other services
> ssh	stream	tcp	nowait	root	root@$target_host:/usr/sbin/sshd

No, it just doesn't work that way.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
"Computer Science is no more about computers
than astronomy is about telescopes."  -- E.W. Dijkstra


