On Wed, Sep 28, 2005 at 11:46:50AM -0500, Aleksandar Milivojevic wrote:
> Quoting Kirk Bocek <t004@xxxxxxxxxx>:
>
> >I did this successfully providing external SSH access to a collection
> >of hosts on a private network. However for this to work, the hosts on
> >the private net also need to be doing SNAT back out through the
> >firewall.
>
> Unless you are doing something funky, SNAT is not needed. All he needs
> is DNAT.
> Netfilter should take care of returning packets automagically (unless, as I
> said, you are doing something funky and confusing Netfilter with it).

If you have a RELATED,ESTABLISHED matching rule only.

[]s

-- 
Rodrigo Barbosa <rodrigob@xxxxxxxxxxxxxxx>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
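
The setup discussed in this thread, as an added example that is not part of any poster's message: a shell function that prints an `iptables-restore` ruleset with a single DNAT rule plus the ESTABLISHED,RELATED rule that lets replies through a default-drop FORWARD chain. The function name, interface `eth0`, port 2222 and host 192.168.1.10 are assumed sample values, and the private host's replies are assumed to route back through this firewall.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset that
# forwards one public TCP port to SSH on a private host using DNAT only.
# dnat_ssh_rules is a hypothetical helper; all argument values are samples.
dnat_ssh_rules() {
    wan_if=$1 pub_port=$2 host_ip=$3
    # Allow only a plain interface name, a numeric port and an IPv4-style
    # address, so an argument cannot smuggle extra options into a rule.
    case $wan_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    case $pub_port in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
    [ "$pub_port" -ge 1 ] && [ "$pub_port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    case $host_ip in ''|*[!0-9.]*) echo "bad host address" >&2; return 1;; esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Rewrite the destination of new inbound connections. conntrack records the
# mapping and reverses it on replies, so no SNAT rule appears here.
-A PREROUTING -i $wan_if -p tcp --dport $pub_port -j DNAT --to-destination $host_ip:22
COMMIT
*filter
:FORWARD DROP [0:0]
# Replies and later packets of connections conntrack already knows about.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# First packet of the forwarded connection (destination already rewritten).
-A FORWARD -i $wan_if -p tcp -d $host_ip --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

Check the output with `iptables-restore --test` before loading it; loading it without `--noflush` replaces the existing nat and filter rules.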