
I'm using DNAT to tunnel SSH connections through my iptables firewall,
and it works, but I noticed something today.  From my internal server's
point of view, all incoming connections appear to be originating from my
firewall.  That is, the remote IP cannot be determined at all.

Under ipchains/ipfwadm, this was not the case.  The tunnelled
connections gave the true IP address of the originator, out on the
internet (and could be used for hosts.allow/deny, etc).

I'm doing the DNAT in what I think is the expected way:

    iptables -t nat -A PREROUTING -i ppp0 \
                        -p tcp --dport 22 -j DNAT --to 192.168.1.2

This behavior, though, doesn't seem right to me.  Does anyone have a
guess for the reason I see this behavior?

I'm not using anyone's prepackaged script; I came up with my own ruleset
so that I could learn more about how this stuff works.

-- 
   [EMAIL PROTECTED] (Fuzzy Fox)     || "Good judgment comes from experience.
sometimes known as David DeSimone  ||  Experience comes from bad judgment."
_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
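An added note, not from the post or any reply to it: a PREROUTING DNAT rule on its own leaves the source address untouched, so a LAN server seeing the firewall's address usually points at a POSTROUTING SNAT/MASQUERADE rule that is not limited to the external interface and therefore also rewrites the forwarded SSH connection on its way to the LAN. The constructed script below audits an `iptables-save -t nat` style dump for that pattern; the interface name ppp0 and both sample rulesets are assumptions, not taken from the post.

```shell
#!/bin/sh
# Audit an iptables-save nat dump for SNAT/MASQUERADE rules in POSTROUTING
# that are not restricted to the external interface. Such a rule matches
# DNATed packets heading to the LAN as well, so the internal server sees
# the firewall's LAN address instead of the remote peer's.

# Constructed sample: DNAT for SSH plus an interface-unqualified MASQUERADE.
SAMPLE_NAT_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.2
-A POSTROUTING -j MASQUERADE
COMMIT'

# Constructed corrected ruleset: MASQUERADE only on traffic leaving ppp0,
# so forwarded connections toward the LAN keep their original source.
FIXED_NAT_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.2
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'

# Print each POSTROUTING SNAT/MASQUERADE rule on stdin that lacks
# "-o <external interface>". $1 = external interface name.
find_unscoped_snat() {
    ext_if="$1"
    grep -E '^-A POSTROUTING .*-j (MASQUERADE|SNAT)' |
        grep -v -E -- "-o ${ext_if}( |\$)"
}

# Number of offending rules in dump $2 for interface $1 (0 means the
# source of DNATed traffic toward the LAN is left alone).
count_unscoped_snat() {
    printf '%s\n' "$2" | find_unscoped_snat "$1" | grep -c .
}

if [ "$(count_unscoped_snat ppp0 "$SAMPLE_NAT_DUMP")" -gt 0 ]; then
    echo "unscoped SNAT/MASQUERADE rules (source of forwarded traffic is rewritten):"
    printf '%s\n' "$SAMPLE_NAT_DUMP" | find_unscoped_snat ppp0
fi
```

On a live firewall, replace the embedded sample with `iptables-save -t nat | find_unscoped_snat ppp0`.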