[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

iptables for reach a subdomain

Hi folks,

I would like to connect via ssh to my host machine inside a LAN using
iptables. In order words, for open two terminals from my job (one for
the server and the other one for the machine on the host), I would
like to connect to the machine inside throughout a simple redirection.
The closer solution I found was that using PAT. But first, I'm not
sure if it's the best choice; second, I'm in doubt about the syntax
I'm using for iptables:

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT
--to-port ?

Tha was the first idea. But I think that I would loose the connection
with-- let me call -- hostB(inside, not public IP).

So I thought to give a higher port and make the hostA(server,
connected to public internet and NATing my home network) redirect this
port number for hostB. That would be:

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2200 -j
REDIRECT --to-port ?

The interrogations mark(?) mean that I'm not sure if I could use, in
my case, "--to-port hostB.hostA.homelinux.net" for instance. I don't
think so cuz it's a PAT...so it should based on port numbers and not

Basically, the idea is open a remote connection for hostA using port
22 and, simoutaneously, open a second connection directly to hostB (by
passing hostA) using port 2200.

So I have:

JOB------> INTERNET-----------> hostA (if port
22)-------------------------------> hostB
                                              | OR                    
                                              | if (port = 2200)
REDIRECT to hostB         |
                                              eth0: public            
             eth0: private
                                              eth1: private

Further, hostB is part of hostA domain.

Please, if someone has some doubt about this crazy idea, let me know.

Romulo Sousa

Reply to: