eth wrote:
>
> Hi listers.
>
> I try to make a simple tunnel for a jdbc connection with port forward from
> one machine to another via a firewall.
>
> |client| --Inet--> |firewall| --LAN--> |database|
>
> The client runs a ssh client with port forwarding to the firewall machine.
> On the fw I have the "simpleproxy" which is a tcp proxy that forwards all
> local sockets to a remote host. Yet I thought I should do a:
>
> iptables -t nat -A OUTPUT -d 194.226.254.1 -p tcp -m tcp --dport 1521 -j DNAT --to-destination 192.168.10.100:1521
>
> ... which should do the fw->database port forward trick; it doesn't. :-|

Hi,

you don't even need to use netfilter's port-forwarding and also no simpleproxy. SSH does all the job on its own and most secure too ... on the client you use:

ssh -L 1521:192.168.10.100:1521 user@firewall

then your database frontend on the client should be able to connect to the database using the localhost interface 127.0.0.1:1521 - that's it.

Regards - Karl
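
The forward from the reply with its listener bound explicitly to loopback, plus a check over `ss -ltnH` output that the forwarded port is not reachable from other hosts. This is an added example, not part of the thread; the function names and the sample `ss` lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and ports are the thread's;
# the function names and sample lines are constructed for illustration.

# Print the ssh command for the forward, with the listener bound explicitly.
# usage: tunnel_cmd BIND LPORT DHOST DPORT LOGIN
tunnel_cmd() {
    case "$1" in
        127.0.0.1|localhost) ;;   # listener reachable from this host only
        *) echo "refusing non-loopback bind address: $1" >&2; return 1 ;;
    esac
    # -N: forward only, no remote shell.
    # ExitOnForwardFailure: exit instead of running without the listener.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L %s:%s:%s:%s %s\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Classify the listener on PORT from `ss -ltnH` lines read on stdin.
# Prints loopback, exposed, or none.
listener_scope() {
    awk -v port="$1" '
        {
            n = split($4, part, ":")            # column 4 = local addr:port
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") {
                if (scope == "") scope = "loopback"
            } else {
                scope = "exposed"               # 0.0.0.0, [::], *, LAN address
            }
        }
        END { print (scope == "" ? "none" : scope) }'
}

# Constructed `ss -ltnH` samples: default forward vs. one opened with -g.
SAMPLE_DEFAULT='LISTEN 0 128 127.0.0.1:1521 0.0.0.0:*
LISTEN 0 128 [::1]:1521 [::]:*'
SAMPLE_GATEWAY='LISTEN 0 128 0.0.0.0:1521 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

tunnel_cmd 127.0.0.1 1521 192.168.10.100 1521 user@firewall
printf '%s\n' "$SAMPLE_DEFAULT" | listener_scope 1521
printf '%s\n' "$SAMPLE_GATEWAY" | listener_scope 1521
```

Once the tunnel is up on the client, pipe real `ss -ltnH` output into `listener_scope 1521` to confirm the database port is offered on loopback only.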
