From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Andrew Magnus"
Subject: Re: SSH dnat
Date: Tue, 03 Dec 2002 20:48:53 +0000
Sender: netfilter-admin@lists.netfilter.org
Errors-To: netfilter-admin@lists.netfilter.org
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: netfilter@lists.netfilter.org

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2323 -j DNAT --to-destination internal_IP:2323

...also needs...

    iptables -t nat -A POSTROUTING -s internal_IP -p tcp --sport 2323 -j SNAT --to-source external_IP:2323

Otherwise, you've only got traffic going one way: into the ssh server.

If you're dealing with a dynamic IP address on your external interface, you should instead use:

    iptables -t nat -A POSTROUTING -s internal_IP -o eth0 -p tcp --sport 2323 -j MASQUERADE

Hope that helps.

From: "Ambor"
To:
Subject: SSH dnat
Date: Sun, 1 Dec 2002 15:52:02 +0100

Hello everyone,

I'm trying to dnat SSH through the firewall to an internal machine.

I use the following rule:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2323 -j DNAT --to-destination internal_IP:2323

eth0 is connected to the internet.

The problem is that the connection is all right, it just seems that I don't get an answer from the ssh server. (I'm getting a connection timeout, ot a connection refused)

To be sure, I don't filter anything, so all traffic is accepted.

Can someone help me?

thx
Ronny