On Mon, Dec 10, 2001 at 10:21:57AM -0500, Joe Ellis wrote:
> i'm having a problem ssh'ing to an internal box from the external device.
>
> this doesn't seem to work:
> iptables -t nat -I PREROUTING -d $ip -p tcp --dport 2222 -j DNAT --to 10.1.1.1:22

That looks OK to me.

> i figured that alone will work because i run this for vnc and it works
> perfectly:
> iptables -t nat -A PREROUTING -p tcp -i eth0 -d $ip --dport 5900 -j DNAT --to-destination 10.254.0.10
> iptables -t nat -A PREROUTING -p tcp -i eth0 -d $ip --dport 5800 -j DNAT --to-destination 10.254.0.10
>
> when i run the first one for forwarding $ip:2222 to 10.1.1.1:22 it fails
> at the forward chain. so i did the following just to be safe:
> iptables -I FORWARD -j ACCEPT
>

Perhaps you could insert a LOG rule in the FORWARD chain to ensure the packets are getting to there and confirm what they look like there (dest IP and dest port etc.).

HTH.

Mark.
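The LOG-rule check suggested in the reply above, sketched as an added example that is not part of the original thread: the rule is shown as a comment, and the function classifies the resulting kernel log lines by destination IP and port. The `FWD-SSH: ` prefix, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Run as root on the gateway; -I puts the rule ahead of the ACCEPT rule.
# The "FWD-SSH: " prefix is an assumed label, not taken from the thread:
#   iptables -I FORWARD -p tcp -j LOG --log-prefix "FWD-SSH: "

# classify_forward_log INTERNAL_IP INTERNAL_PORT
# Reads kernel log lines on stdin and prints one verdict per logged packet:
#   to-internal  destination already rewritten by DNAT to the internal host
#   reply        internal host answering from the forwarded port
#   other        anything else that crossed FORWARD
#   none         nothing logged, so the packets never reached FORWARD
classify_forward_log() {
    awk -v ip="$1" -v port="$2" '
    /FWD-SSH: / {
        src = dst = spt = dpt = ""
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /^SPT=/) spt = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        n++
        flow = src ":" spt " -> " dst ":" dpt
        if      (dst == ip && dpt == port) print "to-internal " flow
        else if (src == ip && spt == port) print "reply " flow
        else                               print "other " flow
    }
    END { if (!n) print "none: no packets logged in FORWARD" }'
}

# Constructed sample in the netfilter LOG format (addresses are examples).
sample_log() {
    cat <<'EOF'
Dec 10 10:30:01 gw kernel: FWD-SSH: IN=eth0 OUT=eth1 SRC=192.0.2.7 DST=10.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 10 10:30:01 gw kernel: FWD-SSH: IN=eth1 OUT=eth0 SRC=10.1.1.1 DST=192.0.2.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=22 DPT=40000 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Dec 10 10:30:02 gw kernel: eth0: link up
EOF
}

sample_log | classify_forward_log 10.1.1.1 22
```

On a live gateway, pipe `dmesg` or the syslog file into `classify_forward_log` instead of `sample_log`, and delete the LOG rule once the check is done.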

