Well, what I was doing was setting ACCEPT as the default rules, just for testing purposes.
And I found out that THIS did work:

iptables -t nat -A PREROUTING -d EXTIP -p tcp --dport 22 -j DNAT --to 192.168.1.8:22

but then for some reason any other port for the --dport wasn't working. Then, for shits n giggles, I tried it as port 80. And guess what, it worked, so then I concluded that where I was testing it from, my work, blocks most outgoing ports :) Took me about 6+ hours into my work day before I figured that out :(

thanks
-paul

--- funky soul <[EMAIL PROTECTED]> wrote:
> hi Paul,
>
> On Wed, 30 Apr 2003 09:52:18 -0700 (PDT)
> Paul <[EMAIL PROTECTED]> wrote:
>
> > I have 2 linux boxes, and 2 windows boxes. One linux box will be the
> > firewall/gateway, internet on eth0 and internal lan on eth1. What I'm
> > looking for is basic suggestions on my script, and also needing to know
> > how I can, let's say, have all external connections that try to connect
> > to me on port 10022 be forwarded to 192.168.1.8:22, so that I can be
> > able to ssh into both of my linux boxes, the firewall one, and an
> > internal one. I've had 0 luck with adding stuff into PREROUTING to get
> > it working, after looking at many scripts. I
>
> the linux ip masq howto sure did answer my questions about this
> http://www.e-infomax.com/ipmasq/howto/c-html/index.html
>
> I *think* you'll have to use different ports (at the firewall at least)
> for ssh logins into different hosts.
>
> > currently have rinetd running with it, which will allow me to connect
> > via 10022 within my internal network and it does forward it correctly,
> > but by doing an external connection to port 10022, it can't connect at
> > all, and yes I did open port 10022 on my INPUT, the script below doesn't
> > include that since I'm in testing phase, but I'd prefer to get it
> > working w/o rinetd.
>
> INPUT is applied when a packet arrives into the firewalling host.
> What you want is 'FORWARD' to forward packets coming in on one port
> (let's say port 10022) and pass it to another port (e.g. port 22 on
> which sshd listens per default) on another host.
>
> I use something like
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 22 -m state --state \
>     NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 22 -j DNAT \
>     --to $PORTFWIP:22
>
> lemme know if this helps or especially if I'm wrong
>
> f. soul
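An added example, not from either poster, that assembles the port-forward the thread is after (10022 on the outside to 192.168.1.8:22) as a dry-run shell function; the interface defaults and the EXTIP placeholder are assumptions. It makes explicit why funky soul's FORWARD rule says --dport 22 and not 10022: nat/PREROUTING rewrites the destination before filter/FORWARD ever sees the packet.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not apply) the rules for
# forwarding EXTIP:<public port> to <host>:<port>. Interface names and the
# EXTIP placeholder are assumptions; 10022 -> 192.168.1.8:22 is the thread's case.
EXTIF="${EXTIF:-eth0}"            # internet side
INTIF="${INTIF:-eth1}"            # LAN side
EXTIP="${EXTIP:-203.0.113.10}"    # placeholder public address (TEST-NET-3)
IPTABLES="${IPTABLES:-iptables}"

# Usage: portfwd_rules PUBLIC_PORT DEST_IP DEST_PORT
portfwd_rules() {
    pub_port=$1; dst_ip=$2; dst_port=$3
    # Forwarding between interfaces is off by default on a plain Linux host.
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    # nat/PREROUTING runs first: match the public address and public port,
    # then rewrite the destination to the internal host.
    printf '%s -t nat -A PREROUTING -i %s -p tcp -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$IPTABLES" "$EXTIF" "$EXTIP" "$pub_port" "$dst_ip" "$dst_port"
    # filter/FORWARD runs after DNAT, so the packet is already addressed to
    # DEST_IP:DEST_PORT. Matching --dport PUBLIC_PORT here would never hit.
    printf '%s -A FORWARD -i %s -o %s -p tcp -d %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
        "$IPTABLES" "$EXTIF" "$INTIF" "$dst_ip" "$dst_port"
    # Replies from the LAN host back out; conntrack reverses the NAT.
    printf '%s -A FORWARD -i %s -o %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$IPTABLES" "$INTIF" "$EXTIF"
}

# Check that no FORWARD rule matches the public port when it differs from the
# real one: the common mistake is copying --dport 10022 into FORWARD.
forward_uses_translated_port() {
    [ "$1" = "$3" ] && return 0
    if portfwd_rules "$1" "$2" "$3" | grep -- '-A FORWARD' | grep -q -- "--dport $1 "; then
        return 1
    fi
    return 0
}

# Dry run for the thread's case; pipe the output into sh as root to apply it.
portfwd_rules 10022 192.168.1.8 22
```

As the thread itself found, a client network that filters outbound 10022 will make a correct rule set look broken, so test from a host whose egress is unfiltered.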

