Re: Nat with a dynamic IP

LOL.  I did not say it was possible. I was looking for a way to do it.  I
guess I am not as concerned with getting it to work with multiple external
interfaces ....  But mostly with the second part of my question ( which by
the way was ...)

"More importantly, what about trying to connect directly to the
firewall from an external address"

I guess what I am really getting at is that if I set up DNAT the way
suggested  (see below) then I am not sure how I would be able to ssh to both
the firewall and a box inside the firewall.  Is the only way to do this to
ssh to the firewall and then ssh to a box inside the firewall ?

( this was the suggestion.  btw, I am not using a mail server, it was just
in the solution)
iptables -t nat -A PREROUTING -p tcp --dport 25 -i $EXT_DEV -j DNAT
    --to-destination $SMTP_SERVER

My setup would be something like this
iptables -t nat -A PREROUTING -p tcp --dport 22 -i $EXT_DEV -j DNAT
       --to-destination $InternalIPofFirewall
( this would direct all ssh connections on port 22 to the firewall)

Is the only other possibility (other than sshing to the firewall first and
then to the internal box) to have another port listen on a high port, and
set up my internal box to listen on that high port for ssh ???


Thanks again, and sorry for the long confusing email ....

----- Original Message -----
From: "Daniel Chemko" <dchemko@xxxxxxxxxx>
To: "Ramin Dousti" <ramin@xxxxxxxxxxxxxxxxxxxx>; "Peter Marshall"
<peter.marshall@xxxxxxxxx>
Cc: "Thorsten Scherf" <tscherf@xxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Friday, September 05, 2003 2:16 PM
Subject: RE: Nat with a dynamic IP


> Damn, guys, if you could set me up with a fantastic script that can do
> multiple DHCP subscriptions on a single NIC, I could throw away my all
> 4-port NICs. I'll hear offers for the cards 'after' I get this script
> :-)
>
>
>
> -----Original Message-----
> From: Ramin Dousti [mailto:ramin@xxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, September 05, 2003 10:11 AM
> To: Peter Marshall
> Cc: Thorsten Scherf; netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: Nat with a dynamic IP
>
> On Fri, Sep 05, 2003 at 11:36:09AM -0300, Peter Marshall wrote:
>
> > That is a pretty good solution for the SNAT.  I never thought about
> MASQ.
> > However .... I am not sure if the DNAT is the best solution ....  What
> if
> > you had multiple ip numbers on the external card ....
>
> and they're all dynamic? Give us an example...
>
> Ramin
>
> > More importantly, what about trying to connect directly to the
> firewall from
> > an external address.
>
>
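The "high port" layout Peter asks about at the end of his message, written out as an added example; this is not code posted by anyone in the thread. It assumes a single external interface ($EXT_DEV, as in the post), an internal host at a constructed sample address (192.168.1.10), a chosen external port (2222), and an IPT variable that can be pointed at `echo` to print the rules instead of applying them; all of those names are assumptions, not from the original mails. Port 22 on the external address is left to sshd on the firewall itself (no DNAT, just an INPUT accept), and only the high port is DNATed to port 22 on the inside box, with FORWARD rules matching the post-DNAT destination.

```shell
#!/bin/sh
# Added example for the thread above; not code from any poster.
# Assumed placeholders (not in the original post): INTERNAL_SSH_HOST, HIGH_PORT, IPT.
EXT_DEV="${EXT_DEV:-eth0}"                              # external interface, as in the post
INTERNAL_SSH_HOST="${INTERNAL_SSH_HOST:-192.168.1.10}"  # constructed sample internal address
HIGH_PORT="${HIGH_PORT:-2222}"                          # external port mapped to the inside box
IPT="${IPT:-iptables}"                                  # set IPT=echo to print rules instead of applying

# Port 22 on the external address stays with sshd on the firewall itself:
# no DNAT at all, only an INPUT accept.
firewall_ssh_rule() {
  printf '%s' "-A INPUT -i $EXT_DEV -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# The high port is rewritten in PREROUTING to port 22 on the internal host.
internal_dnat_rule() {
  printf '%s' "-t nat -A PREROUTING -i $EXT_DEV -p tcp --dport $HIGH_PORT -j DNAT --to-destination $INTERNAL_SSH_HOST:22"
}

# FORWARD sees the packet after DNAT, so it matches on the translated destination.
internal_forward_rule() {
  printf '%s' "-A FORWARD -i $EXT_DEV -p tcp -d $INTERNAL_SSH_HOST --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# Replies from the inside box back out; needed if the FORWARD policy is DROP.
return_forward_rule() {
  printf '%s' "-A FORWARD -o $EXT_DEV -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

apply_rules() {
  # word splitting of the rule strings is intended here
  $IPT $(firewall_ssh_rule) &&
  $IPT $(internal_dnat_rule) &&
  $IPT $(internal_forward_rule) &&
  $IPT $(return_forward_rule)
}

# Only touch the running firewall when explicitly asked: sh ssh-dnat.sh apply
if [ "${1:-}" = "apply" ]; then
  apply_rules
fi
```

Run it with `IPT=echo sh ssh-dnat.sh apply` first to see the four rules, then without IPT to load them. Forwarding must be on (`net.ipv4.ip_forward=1`), and no SNAT is needed for the reply path as long as the inside box uses the firewall as its default gateway, because it answers to the client's real address and the conntrack entry reverses the DNAT on the way out. One thing to expect on the client side: the two ports present two different host keys (the firewall's on 22, the inside box's on 2222), so ssh will record them as separate known_hosts entries and warn if the mapping is ever swapped.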