I'm doing this currently, but the real problem here is that I have several machines that need to be ssh'd into and several web servers (I'm hosting my personal servers and another's servers), so the same ports need to be accessible outside, i.e., ssh1.foo.org:22 and ssh2.foo.org:22. I don't like having to make one or the other server accessible via, say, port 2222 to the outside world, if for nothing else because keys collide when trying to go to the same hostname but there's a different key there.

On Thu, 2002-04-25 at 22:56, [EMAIL PROTECTED] wrote:
> RE: Masqueraded DNS and one IP
>
> A better method of Prerouting is to use a different destination address .. :)
>
> ### Internal Mail Serv
> $IPTABLES -t nat -A PREROUTING -i ppp0 -p tcp --dport 110 -j DNAT --to 192.168.0.2:1111
> $IPTABLES -t nat -A PREROUTING -i ppp0 -p udp --dport 110 -j DNAT --to 192.168.0.2:1111
>
> ### Internal Web Server DNAT
> $IPTABLES -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to 192.168.0.3:8888
>
> ### Internal DNS Server DNAT
> #### Please make sure that your Servers are runnin on the correct port or whateva you want it to be :) .
>
> $IPTABLES -t nat -A PREROUTING -i ppp0 -p tcp --dport 53 -j DNAT --to 192.168.0.4:533
>
> ### Allow Port Forwarding on the Ports Specified
> $IPTABLES -A FORWARD -p tcp -i ppp0 -d 192.168.0.2 --dport 1111 -j ACCEPT
> $IPTABLES -A FORWARD -p udp -i ppp0 -d 192.168.0.2 --dport 1111 -j ACCEPT
> $IPTABLES -A FORWARD -p tcp -i ppp0 -d 192.168.0.3 --dport 8888 -j ACCEPT
> $IPTABLES -A FORWARD -p tcp -i ppp0 -d 192.168.0.4 --dport 533 -j ACCEPT
> $IPTABLES -A FORWARD -p udp -i ppp0 -d 192.168.0.4 --dport 533 -j ACCEPT
>
> All machines must have the Default Gateway of the Masquerade Box and maybe all boxes can get DNS from your DNS server ???
>
> make sure you have DnS Forwarding enabled or a root cache DnS server ...
>
> all your internal Services should now be accessed by the Internet on the Gateways External Address @ the correct Port / Proto .
>
> hope this helps ..
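
Added example, not part of the original thread or written by either poster: a dry-run generator that emits each DNAT rule together with its matching FORWARD rule, and rejects a table that maps the same external protocol/port twice (the single-IP limit behind the two-servers-on-port-22 problem above). The function names and the table format are assumptions made for this sketch; the interface and addresses mirror the quoted rules.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: prints the commands.
IPTABLES="${IPTABLES:-echo iptables}"
EXT_IF="${EXT_IF:-ppp0}"    # external interface used in the quoted rules

# valid_port N: succeeds when N is an integer in 1..65535
valid_port() {
    case $1 in ''|*[!0-9]*) return 1;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# check_table TABLE: reject bad rows and duplicate external proto/port pairs.
# Only one DNAT target can own a given proto/port on a single external address.
check_table() {
    seen=" "
    while read -r proto ext_port int_ip int_port; do
        case $proto in ''|'#'*) continue;; tcp|udp) ;; *)
            echo "bad protocol: $proto" >&2; return 1;; esac
        valid_port "$ext_port" && valid_port "$int_port" && [ -n "$int_ip" ] || {
            echo "bad row: $proto $ext_port $int_ip $int_port" >&2; return 1; }
        case $seen in *" $proto/$ext_port "*)
            echo "duplicate external $proto/$ext_port" >&2; return 1;; esac
        seen="$seen$proto/$ext_port "
    done <<EOF
$1
EOF
}

# emit_rules TABLE: validate first, then emit the DNAT and FORWARD rule per row.
emit_rules() {
    check_table "$1" || return 1
    while read -r proto ext_port int_ip int_port; do
        case $proto in ''|'#'*) continue;; esac
        $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -p "$proto" \
            --dport "$ext_port" -j DNAT --to "$int_ip:$int_port"
        $IPTABLES -A FORWARD -i "$EXT_IF" -p "$proto" -d "$int_ip" \
            --dport "$int_port" -j ACCEPT
    done <<EOF
$1
EOF
}

# Constructed table mirroring the thread: proto ext_port int_ip int_port
TABLE='tcp 110 192.168.0.2 1111
tcp 80 192.168.0.3 8888
tcp 53 192.168.0.4 533
udp 53 192.168.0.4 533'
emit_rules "$TABLE"
```

Setting IPTABLES to the real binary applies the rules instead of printing them.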
