From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Jeroen van Leeuwen"
Subject: Re: SSH dnat
Date: Sun, 1 Dec 2002 10:44:18 -0800
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <000c01c29969$a8617410$0a0a0a0a@windblows>
References: <000801c29949$359d2a70$02a8a8c0@hades>
To: Ambor, netfilter@lists.netfilter.org

Are you sure that your server is listening on port 2323?
The rule as I use it is:

iptables -t nat -A PREROUTING -p tcp --dport 2000 -i eth2 -j DNAT --to 10.10.10.1:22

The server is listening on port 22 of 10.10.10.1,
reachable from external on port 2000.

grtn jeroen

----- Original Message -----
From: Ambor
To: netfilter@lists.netfilter.org
Sent: Sunday, December 01, 2002 6:52 AM
Subject: SSH dnat

Hello everyone,

I'm trying to dnat SSH through the firewall to an internal machine.
I use the following rule:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2323 -j DNAT --to-destination internal_IP:2323

eth0 is connected to internet

The problem is that the connection is all right, it just seems that I don't get an answer from the ssh server.
(I'm getting a connection timeout, ot a connection refused)

To be sure I don't filter anything, so all traffic is accepted

Can someone help me?

thx

Ronny
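The check behind the question in the reply (is the server really listening on the port the DNAT rule targets?), as an added example that is not part of the original thread: it reads nat rules in iptables-save format and compares each DNAT target with a list of listening ports. The rule lines, the listener list and the address 192.0.2.10 (standing in for internal_IP) are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: nat-table rules in iptables-save format, modelled on the
# two rules in the thread. 192.0.2.10 is a placeholder for "internal_IP".
RULES='-A PREROUTING -i eth2 -p tcp -m tcp --dport 2000 -j DNAT --to-destination 10.10.10.1:22
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2323 -j DNAT --to-destination 192.0.2.10:2323'

# Constructed sample: "host port" pairs for listening TCP sockets, as you would
# collect them on each internal machine. Here both run sshd on port 22 only.
LISTENERS='10.10.10.1 22
192.0.2.10 22'

# Print "external_port target" for every DNAT rule read from stdin.
dnat_map() {
    awk '/-j DNAT/ {
        dport = ""; dest = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--to-destination" || $i == "--to") dest = $(i + 1)
        }
        if (dport != "" && dest != "") print dport, dest
    }'
}

# Read rules on stdin; $1 is the listener list.
# Report each DNAT target whose port has no listener.
check_dnat() {
    dnat_map | while read -r dport dest; do
        case $dest in
            *:*) host=${dest%:*}; port=${dest##*:} ;;
            *)   host=$dest; port=$dport ;;   # no port given: port is unchanged
        esac
        if printf '%s\n' "$1" | grep -qxF "$host $port"; then
            echo "OK   $dport -> $host:$port"
        else
            echo "MISS $dport -> $host:$port (no listener on that port)"
        fi
    done
}

printf '%s\n' "$RULES" | check_dnat "$LISTENERS"
```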