On Thursday 07 March 2002 09:02, DevilKin wrote:
> Hello list,
>
> I don't know if this is a rather dumb question or not. I've looked through
> the FAQ and through Rusty's guides. In the latter I found the text that 'it
> wasn't really supported' to do NAT on connections originating on the box
> itself.
>
> Basically, I want to do this:
>
> On my box X, I initiate an ssh connection to box Y on port 22. Before the
> connection is actually made the port must be 'rewritten' to 5000 (no, I
> can't use the ssh -p parameter), then the connection can be made.
>
> I've tried many different setups with rules, but I can't get it correct.
>
> If I'm correct it should be something like this:
>
> iptables -t nat -A OUTPUT -p tcp --destination dest.box.ip --dport 22 -j DNAT --to-destination dest.box.ip:5000
>
> this rule repeated twice, once for UDP and once for TCP.
>
> iptables accepts the input, but it doesn't work when I initiate a connection
> with ssh dest.box.ip
>
> Any ideas/patches/... to try?
>
> Thanks!
>
> DK
Forgot to mention I'm using iptables-1.2.5 and the latest kernel with the -ac patch, being linux-2.4.19-pre2-ac2. I've discovered some patch files for local natting in the CVS under patch-o-matic/pending. I've patched my kernel and am going to try it out.
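The rewrite the thread is after, as an added example (not code from either post): one nat-table OUTPUT rule that DNATs locally generated TCP traffic to dest.box.ip:22 onto port 5000, plus a check that the translation actually took effect by reading the flow's original and reply tuples from /proc/net/ip_conntrack. Only the TCP rule is needed, since ssh does not use UDP. The address 192.0.2.10, the ports, the requirement of root, and the conntrack sample line (constructed here in the 2.4 /proc/net/ip_conntrack layout) are assumptions of this example; whether the OUTPUT chain can DNAT to a non-local address on a given 2.4 kernel is exactly what the thread says may need the patch-o-matic local NAT patch.

```shell
#!/bin/sh
# Added example, not from the original posts. Assumed values: DEST stands in
# for dest.box.ip; ssh is requested on ORIG_PORT and must leave on NEW_PORT.
DEST=${DEST:-192.0.2.10}
ORIG_PORT=${ORIG_PORT:-22}
NEW_PORT=${NEW_PORT:-5000}

# Print the single rule needed. Locally generated packets traverse the nat
# table's OUTPUT chain, not PREROUTING, so the DNAT rule goes there.
# ssh is TCP only, so there is no UDP counterpart to add.
local_dnat_rule() {
    dest=$1; orig=$2; new=$3
    printf 'iptables -t nat -A OUTPUT -p tcp -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$dest" "$orig" "$dest" "$new"
}

# Install the rule. Needs root and the ip_nat code loaded; on the kernel in
# the thread, DNAT to a remote address from OUTPUT may also need the
# patch-o-matic local NAT patch (assumption based on the thread, not verified here).
apply_local_dnat() {
    dest=$1; orig=$2; new=$3
    [ "$(id -u)" -eq 0 ] || { echo "apply_local_dnat: must run as root" >&2; return 1; }
    iptables -t nat -A OUTPUT -p tcp -d "$dest" --dport "$orig" -j DNAT --to-destination "$dest:$new"
}

# Verify the translation from conntrack rather than from the rule counters.
# In a DNATed flow the ORIGINAL tuple still shows what the application asked
# for (dst=DEST dport=ORIG_PORT) while the REPLY tuple shows the rewritten
# endpoint (src=DEST sport=NEW_PORT). Reads /proc/net/ip_conntrack-style
# lines on stdin; exits 0 when such a flow exists, 1 otherwise.
conntrack_shows_dnat() {
    dest=$1; orig=$2; new=$3
    grep -E "^tcp .*dst=$dest sport=[0-9]+ dport=$orig .*src=$dest .*sport=$new "
}

# Constructed sample in the 2.4 /proc/net/ip_conntrack format (assumed layout):
# proto number timeout state <original tuple> <reply tuple> flags.
SAMPLE_CONNTRACK='tcp      6 431995 ESTABLISHED src=10.0.0.5 dst=192.0.2.10 sport=34567 dport=22 src=192.0.2.10 dst=10.0.0.5 sport=5000 dport=34567 [ASSURED] use=1'

# Usage on the real box:  sh this.sh apply   (as root), then run
#   ssh dest.box.ip   and   cat /proc/net/ip_conntrack | conntrack_shows_dnat ...
if [ "${1:-}" = "apply" ]; then
    apply_local_dnat "$DEST" "$ORIG_PORT" "$NEW_PORT"
elif [ "${1:-}" = "check" ]; then
    cat /proc/net/ip_conntrack | conntrack_shows_dnat "$DEST" "$ORIG_PORT" "$NEW_PORT"
fi
```

Without arguments the script only defines the functions and the sample, so it can be sourced or tested offline; with `apply` it installs the rule, and with `check` it reports whether a live ssh flow was in fact rewritten, which is the evidence to look at when "iptables accepts the rule but nothing changes".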