On Sat, 26 Jul 2003 09:18:52 -0400, "Andrew St. Jean" <ast.000@xxxxxxxxxxxx> wrote in message <3F227FBC.6000403@xxxxxxxxxxxx>:

> I'm hoping someone can tell me if what I'm trying to do is possible
> and if so, how.
>
> Here's a picture of my network topology:
>
> machine x-------internet---------machine y-----private LAN----host a/b/c
>
> Machine x has one interface with a public static IP.
> Machine y has two interfaces, one with a public dynamic IP and the
> other with a private static IP.
>
> Both machines x and y have iptables installed and running.
> I have an ipsec tunnel (using FreeS/Wan) working between machines x
> and y. With this tunnel I can ping any of the hosts on my private LAN
> from machine x. I can also mount a shared partition from, say, host b
> onto machine x. I include this just to show that the ipsec tunnel is
> working.
>
> What I want to do is use NAT to forward certain ports on machine x to
> machines on my private LAN. Right now, if I open a port in iptables on
> machine x, I can connect to machine x from the internet on that port.
> If I try to forward the port to host c, packets seem to disappear on
> machine x. I can see the packets arrive at machine x using tcpdump but
> nothing goes out again.
>
> Thanks for any help provided.

..what you ask for is doable as "ssh portforwarding", usually done to localhost, but I don't see any reason why not to put those ports on hosts y, a, b or c instead of "localhost" in your LAN scenario, as long as you firewall it all.

..ipsec, well it shouldn't hurt, you could pack all ssh tunnels in it if your traffic goes through really crappy hardware, there is some _real_ junk out there that will reboot if it sees more than 256 ip connections... like yourself reading news.google.com or somesuch.

--
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three: best case, worst case, and just in case.
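The iptables side of the original question (forwarding one public port on machine x to a host behind the tunnel while keeping the FORWARD chain closed to everything else), as an added example that is not part of the thread or of FreeS/WAN. Interface names, addresses and ports are assumptions: eth0 and 203.0.113.10 for x's public side, ipsec0 for the FreeS/WAN (KLIPS) virtual interface, 192.168.1.3 for host c.

```sh
#!/bin/sh
# Added example (not from the thread). Emits, in iptables-restore format,
# the rules needed on machine x to forward one public TCP port to a host
# on the private LAN reached through the IPsec tunnel:
#   1. DNAT in PREROUTING  - rewrite the public destination to host c
#   2. SNAT in POSTROUTING - make host c answer to x, so the reply comes
#      back through the tunnel instead of leaving via c's default gateway
#   3. FORWARD accepts     - allow only this flow; the chain policy stays DROP
# Without 2 and 3 the DNATed packet is seen arriving on x but never returns,
# which matches the symptom described in the question.
# All names/addresses below are constructed assumptions; nothing is applied
# to the live firewall, the ruleset is only printed (feed it to iptables-restore
# after review, and enable net.ipv4.ip_forward=1 separately).

gen_forward_rules() {
    pub_if=$1; pub_ip=$2; pub_port=$3; tun_if=$4; target=$5; tgt_port=$6
    cat <<EOF
# forward tcp/$pub_port on $pub_ip to $target:$tgt_port via $tun_if
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $pub_if -p tcp -d $pub_ip --dport $pub_port -j DNAT --to-destination $target:$tgt_port
-A POSTROUTING -o $tun_if -p tcp -d $target --dport $tgt_port -j SNAT --to-source $pub_ip
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $pub_if -o $tun_if -p tcp -d $target --dport $tgt_port -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -i $tun_if -o $pub_if -p tcp -s $target --sport $tgt_port -m state --state ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Example invocation with the assumed topology: public port 8080 on x -> host c port 80.
gen_forward_rules eth0 203.0.113.10 8080 ipsec0 192.168.1.3 80
```

The SNAT step is what makes host c reply to machine x's address, so the IPsec policy between x and the LAN covers both directions; when c's default route already points back through y and the tunnel it can be dropped.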