Márcio H. Parreiras wrote:
Try the rules below, simple and clean:
EXT_IF='eth1' # the interface connected to Internet
SERVER='192.168.0.1' # or any other IP allocated to the machine
SSH='22'
SSH_SERVER='12345' # or another port you want
$IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $SSH_SERVER \
    -j DNAT --to $SERVER:$SSH
$IPTABLES -t filter -A FORWARD -i $EXT_IF -p tcp --dport $SSH -d $SERVER \
    -j ACCEPT
note: server's sshd may listen on port 22 only.
Hi,
I think your rules correspond to mine:
iptables -A FORWARD -i $EXTERNAL_INTERFACE -o $INTERNAL_INTERFACE -p tcp \
    --sport $UNPRIVPORTS -d $SERVER --dport 22 -m state --state NEW -j ACCEPT
iptables -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -p tcp -d $SERVER \
    --dport 12345 -j DNAT --to-destination $SERVER:22
The problem is that it opens the ports 22 and 12345 to the server.
Regards.
--
==============================================
| FRÉDÉRIC MASSOT |
| http://www.juliana-multimedia.com |
| mailto:[EMAIL PROTECTED] |
===========================Debian=GNU/Linux===
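
Added example, not part of either message above: the FORWARD chain sees packets after DNAT has rewritten the destination, so a rule on --dport 22 accepts both translated and direct connections. This sketch accepts only connections whose original destination port was 12345, assuming the conntrack match with --ctorigdstport is available; PUBLIC_PORT and forward_ssh_rules are names made up here, and the script only prints the rules until IPTABLES is changed.

```shell
#!/bin/sh
# Dry run: prints each rule. Set IPTABLES=iptables and run as root to apply.
IPTABLES="echo iptables"
EXT_IF="eth1"           # Internet-facing interface (value from the thread)
SERVER="192.168.0.1"    # SSH server address (value from the thread)
PUBLIC_PORT="12345"     # port exposed to the Internet (hypothetical name)
SSH_PORT="22"           # port sshd listens on

forward_ssh_rules() {
    # 1. Rewrite connections arriving on the public port to the server's sshd.
    $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$PUBLIC_PORT" \
        -j DNAT --to-destination "$SERVER:$SSH_PORT"

    # 2. Let packets of already accepted connections through in both directions.
    $IPTABLES -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 3. By the time FORWARD runs, --dport is 22 for translated and direct
    #    connections alike. conntrack still records the port the client
    #    originally dialled, so accept only new connections that came in
    #    on PUBLIC_PORT.
    $IPTABLES -A FORWARD -i "$EXT_IF" -p tcp -d "$SERVER" --dport "$SSH_PORT" \
        -m conntrack --ctstate NEW --ctorigdstport "$PUBLIC_PORT" -j ACCEPT

    # 4. Anything else from outside aimed straight at port 22 is dropped.
    $IPTABLES -A FORWARD -i "$EXT_IF" -p tcp -d "$SERVER" --dport "$SSH_PORT" \
        -j DROP
}

forward_ssh_rules
```

Rule 4 is redundant when the FORWARD policy is already DROP; it is included so the rule set behaves the same under an ACCEPT policy.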