Redirect SSH on a single IP
Kenneth Burgener
kenneth at mail1.ttak.org
Mon Apr 20 14:46:30 MDT 2009
On 4/20/2009 1:38 PM, Richard Esplin wrote:
> Current Attempts:
> ${IPTABLES} -t nat -A PREROUTING -i ${IFACE_EXT} -p tcp --dport 2022 -j
> REDIRECT --to 22
>
> This works as long as I add port 22 to the above ACCEPT statement, but that
> would defeat the purpose.
>
> ${IPTABLES} -t nat -I PREROUTING -i {IFACE_EXT} -p tcp --dport 2022 -j
> DNAT --to ${IPADDRE_INT}:22
>
> This looks to me like it should work, but the port still reports as being
> closed.
I think you are only missing the ACCEPT on the FORWARD table:
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 9999 -j DNAT --to 10.10.10.3:22
/sbin/iptables -A FORWARD -p tcp -i eth0 -d 10.10.10.3 --dport 22 -j ACCEPT
This is what I have and it works.
kenneth
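
Added example, not part of the thread or either poster's own rules: the DNAT + FORWARD pair from the reply and the REDIRECT case from the question, each with an accept rule tied to the original destination port, so the translated port 22 is not opened to direct connections. This goes beyond the posted rules by using the conntrack match (--ctstate DNAT, --ctorigdstport); the function names and the IPT variable are hypothetical, and the interface, ports and address are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: each command is
# printed. Set IPT=/sbin/iptables and run as root to apply the rules.
IPT="${IPT:-echo iptables}"

# NAT happens in PREROUTING, before the filter table, so INPUT/FORWARD see
# the translated port. Matching on conntrack's record of the original
# destination port accepts only connections that arrived on the public port.

# Forward ext_port to another host (the DNAT + FORWARD pair from the reply).
# Also needs net.ipv4.ip_forward=1 on the firewall.
forward_port() {  # usage: forward_port IFACE EXT_PORT INT_IP INT_PORT
    $IPT -t nat -A PREROUTING -i "$1" -p tcp --dport "$2" \
        -j DNAT --to-destination "$3:$4"
    $IPT -A FORWARD -i "$1" -p tcp -d "$3" --dport "$4" \
        -m conntrack --ctstate DNAT --ctorigdstport "$2" -j ACCEPT
    # Replies from the internal host back to the client.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Redirect ext_port to a daemon on the firewall itself (the REDIRECT case).
# A direct connection to LOCAL_PORT has no DNAT state, so this rule does not
# match it and it falls through to the rest of the INPUT chain.
redirect_port() {  # usage: redirect_port IFACE EXT_PORT LOCAL_PORT
    $IPT -t nat -A PREROUTING -i "$1" -p tcp --dport "$2" \
        -j REDIRECT --to-ports "$3"
    $IPT -A INPUT -i "$1" -p tcp --dport "$3" \
        -m conntrack --ctstate DNAT --ctorigdstport "$2" -j ACCEPT
}

# Values taken from the thread (eth0, 9999 -> 10.10.10.3:22, 2022 -> 22).
forward_port eth0 9999 10.10.10.3 22
redirect_port eth0 2022 22
```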