From: "Gáspár Lajos" <swifty@freemail.hu>
To: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Cc: Bill Hendrickson <wjhendrickson@gmail.com>,
netfilter list <netfilter@vger.kernel.org>
Subject: Re: SSH Port Forwarding with iptables
Date: Thu, 01 Oct 2009 18:26:15 +0200
Message-ID: <4AC4D827.3040101@freemail.hu>
In-Reply-To: <4AC4864E.4020404@plouf.fr.eu.org>
Hi!
Pascal Hambourg wrote:
> You don't need SNAT nor masquerade. It hides the real source address
> from the server. You just need to add a proper route on the server so it
> knows how to reach the client address via the router.
>
> Besides, the SNAT rule proposed by Gaspar could not help because it
> works on the external interface, while the missing route on the server
> requires SNAT/MASQUERADE on the internal interface.
>
After reading back the whole conversation I found out that you are right! :D
I just thought that we have here a usual "gateway/firewall" scenario.
So you really only need SNAT/MASQUERADE on any interface (mostly on the
internet side) if your connected network (internet) does NOT know
anything about the other side of your gateway (your LAN).
Swifty
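
The two fixes discussed in this thread, as an added example that is not part of the original messages: a return route on the server, or MASQUERADE on the router's internal interface. All addresses, the interface name and port 22 are constructed assumptions; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example. Every value below is constructed for illustration.
CLIENT_NET="203.0.113.0/24"   # network the SSH client connects from (assumed)
CLIENT_IP="203.0.113.10"      # one client address in that network (assumed)
ROUTER_LAN_IP="192.168.1.1"   # router's address on the server's LAN (assumed)
SERVER_IP="192.168.1.10"      # SSH server behind the router (assumed)
LAN_IF="eth1"                 # router interface facing the server (assumed)

# Dry run by default: print the command. Set APPLY=1 (as root) to execute it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Option 1, on the SERVER: tell it how to reach the client via the router.
# No NAT of the source address, so sshd logs keep the real client address.
server_add_return_route() {
    run ip route add "$CLIENT_NET" via "$ROUTER_LAN_IP"
}

# Option 2, on the ROUTER: if the server cannot get that route, rewrite the
# source on the INTERNAL interface (-o LAN_IF), not the external one.
# The server then sees every forwarded session as coming from the router.
router_masquerade_internal() {
    run iptables -t nat -A POSTROUTING -o "$LAN_IF" -d "$SERVER_IP" \
        -p tcp --dport 22 -j MASQUERADE
}

# Check, on the SERVER: the reply path to the client should name the router
# as next hop once option 1 is in place.
server_check_return_path() {
    run ip route get "$CLIENT_IP"
}

# Optional command-line entry point; with no argument nothing is run.
case "${1:-}" in
    server-route) server_add_return_route ;;
    router-masq)  router_masquerade_internal ;;
    check)        server_check_return_path ;;
esac
```

With option 2, source-based controls on the server (sshd logs, address allow-lists) only ever see the router's LAN address.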