On Mon, 4 Mar 2002, Wookey wrote:
> And if phil's not around I can do it too. We now have a virtually permanent
> connection here. I could arrange an externally-accessible arm test machine,
> but someone would have to explain how to do the tunnelling through a
> masqueraded firewall (and I've only got one IP). Is that do-able?

Yes. You can do port forwarding/redirection. Is your firewall running a 2.4 kernel? If so then you want something similar to the following:

    /sbin/iptables -t nat -A PREROUTING -p tcp -d <external interface IP> --dport 5555 -j DNAT --to-destination <machine to forward to>:22
    # FORWARD sees the packet after DNAT, so match the rewritten port (22)
    /sbin/iptables -I FORWARD -p TCP -d <machine to forward to>/255.255.255.255 --dport 22 -j ACCEPT

Change IPs and port to suit setup. Then you run: "ssh -p 5555 <external interface IP>" when connecting from outside.

Note there are security implications to this, allowing access to a machine inside your network...

-Rms
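
Added example, not part of the original message: a small Python check that pairs each DNAT rule with the FORWARD rules that would see its rewritten destination, and reports forwards that are either unmatched or open to any source address. The sample rules and addresses are constructed, and the parser assumes simple IPv4 rules without negation.

```python
import ipaddress
import shlex

# Constructed sample: the FORWARD rule matches the external port, not the DNAT target port.
SAMPLE = """\
-t nat -A PREROUTING -p tcp -d 203.0.113.10 --dport 5555 -j DNAT --to-destination 192.168.1.20:22
-I FORWARD -p tcp -d 192.168.1.20 --dport 5555 -j ACCEPT
"""

def parse(line):
    """Turn one iptables argument line into {option: value}."""
    toks, rule, i = shlex.split(line), {}, 0
    while i < len(toks):
        key = toks[i]
        if i + 1 < len(toks) and not toks[i + 1].startswith("-"):
            rule[key] = toks[i + 1]
            i += 2
        else:
            rule[key] = True
            i += 1
    return rule

def chain(rule):
    return rule.get("-A") or rule.get("-I")

def covers(fwd, ip, port):
    """True if a FORWARD rule matches destination ip:port (absent option = any)."""
    net = ipaddress.ip_network(fwd.get("-d", "0.0.0.0/0"), strict=False)
    return ipaddress.ip_address(ip) in net and fwd.get("--dport") in (None, port)

def audit(text):
    """Return a list of findings for the DNAT forwards in the rule text."""
    rules = [parse(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]
    forwards = [r for r in rules if chain(r) == "FORWARD" and r.get("-j") == "ACCEPT"]
    findings = []
    for r in rules:
        if r.get("-j") != "DNAT":
            continue
        ip, _, port = r["--to-destination"].partition(":")
        port = port or r.get("--dport")  # no port in the target: port is unchanged
        # FORWARD is evaluated after PREROUTING, so it sees the rewritten ip:port.
        hits = [f for f in forwards if covers(f, ip, port)]
        if not hits:
            findings.append(f"no FORWARD ACCEPT for {ip}:{port} (post-DNAT destination)")
        elif any("-s" not in f for f in hits) and "-s" not in r:
            findings.append(f"{ip}:{port} reachable from any source address")
    return findings
```

Running `audit(SAMPLE)` reports the port mismatch; once the FORWARD rule matches port 22, the remaining finding is the missing `-s` source restriction.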

