--- Jason McCarty <[EMAIL PROTECTED]> wrote:
> Paul wrote:
> > Ok, I'm re-setting up my home network, and hence the reason for this
> > letter :)
> >
> > I have 2 Linux boxes, and 2 Windows boxes. One Linux box will be the
> > firewall/gateway, internet on eth0 and internal LAN on eth1. What I'm
> > looking for is basic suggestions on my script, and also needing to know
> > how I can, let's say, have all external connections that try to connect
> > to me on port 10022 be forwarded to 192.168.1.8:22, so that I can be
> > able to ssh into both of my Linux boxes, the firewall one, and an
> > internal one. I've had 0 luck with adding stuff into PREROUTING to get
> > it working, after looking at many scripts. I currently have rinetd
> > running with it, which will allow me to connect via 10022 within my
> > internal network and it does forward it correctly, but by doing an
> > external connection to port 10022, it can't connect at all, and yes I
> > did open port 10022 on my INPUT; the script below doesn't include that
> > since I'm in testing phase, but I'd prefer to get it working w/o rinetd.
>
> Well, to do this without rinetd, you probably want the following rules:
>
> $IPTABLES -t nat -A PREROUTING -i $EXTDEV -p tcp --dport 10022 \
>     -j DNAT --to 192.168.1.8:22
> $IPTABLES -A FORWARD -i $EXTDEV -o $INTDEV -p tcp -d 192.168.1.8 \
>     --dport 22 -j ACCEPT
>
> Note that this will only work when testing from a machine outside your
> firewall.
>
> HTH,
>
> Jason
Well, I figured out I did test it like that, and my work blocks many outgoing ports, but I was able to get it to forward port 23 to 192.168.1.8:22.

Now the forward cmd I have is just

iptables -A FORWARD -p tcp --dport 22 -j ACCEPT

and it works fine. Now, any reason as to why you suggest to make it

$IPTABLES -A FORWARD -i $EXTDEV -o $INTDEV -p tcp -d 192.168.1.8 --dport 22 -j ACCEPT

Is it for security reasons or some other thing?

Also, how would I go about making it so it would also work from the internal network? Because I do plan on getting a web server running as well, which would just be

iptables -t nat -A PREROUTING -p tcp -d $EXTIP --dport 80 -j DNAT --to 192.168.1.8:80
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT

But I would like it so I could view the website internally as well, and not quite sure how to go about that, because I know it's just prerouting stuff from the external network, not the internal one.
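The rules discussed in this thread, worked through as an added example (not code from either poster): the DNAT forward with the FORWARD rule narrowed to the interface and destination the DNAT actually maps, plus the extra PREROUTING and POSTROUTING rules a connection from the internal LAN to the public address needs. Interface names, the public address and the LAN range are assumed values.

```shell
#!/bin/sh
# Added example, not from the original thread. Interface names, the public
# address and the LAN range are assumptions; edit them for the real setup.
# DRY_RUN=1 (the default) prints the rules instead of applying them.
IPTABLES=${IPTABLES:-iptables}
EXTDEV=${EXTDEV:-eth0}                 # internet side
INTDEV=${INTDEV:-eth1}                 # LAN side
EXTIP=${EXTIP:-203.0.113.10}           # assumed public address (documentation range)
INTNET=${INTNET:-192.168.1.0/24}       # assumed LAN range
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$IPTABLES $*"; else "$IPTABLES" "$@"; fi
}

# Replies to already-forwarded connections are allowed once, globally.
base_rules() {
    run -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# forward_port EXTPORT TARGET_IP TARGET_PORT
forward_port() {
    ext=$1; tip=$2; tport=$3
    # External clients: rewrite the destination on the outside interface ...
    run -t nat -A PREROUTING -i "$EXTDEV" -p tcp --dport "$ext" \
        -j DNAT --to-destination "$tip:$tport"
    # ... and let only that host/port through FORWARD. A bare
    # "-p tcp --dport 22 -j ACCEPT" also passes port-22 traffic to any host
    # in either direction, not just the one the DNAT maps to.
    run -A FORWARD -i "$EXTDEV" -o "$INTDEV" -p tcp -d "$tip" --dport "$tport" \
        -m conntrack --ctstate NEW -j ACCEPT
    # Internal clients (hairpin): PREROUTING matches on the arriving interface,
    # so the LAN side needs its own DNAT for connections to the public address.
    run -t nat -A PREROUTING -i "$INTDEV" -d "$EXTIP" -p tcp --dport "$ext" \
        -j DNAT --to-destination "$tip:$tport"
    run -A FORWARD -i "$INTDEV" -o "$INTDEV" -p tcp -d "$tip" --dport "$tport" \
        -m conntrack --ctstate NEW -j ACCEPT
    # Without this the target replies straight to the LAN client, which never
    # sent anything to the target's address, so the client drops the reply.
    # Masquerading makes the replies come back through the firewall.
    run -t nat -A POSTROUTING -o "$INTDEV" -s "$INTNET" -d "$tip" -p tcp \
        --dport "$tport" -j MASQUERADE
}

base_rules
forward_port 10022 192.168.1.8 22     # ssh into the internal box
forward_port 80    192.168.1.8 80     # the planned web server
```

Run with DRY_RUN=0 as root to apply the rules; the printed form is also handy for reviewing what the script would do before touching a live firewall.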

