RE: Can anyone tell me how to do this?

Assume that it is an internally configured SSH daemon and the administrator
doesn't want to modify the config because the daemon is working well.

The solution to open the service to another network is to map the ports.

A possible solution to redirect the SSH port is (on the 10.0.0.1 machine):

1) Allow incoming SSH connections from the 10.0.0.1 iface.
2) Redirect 10.0.0.1:22 to 172.16.12.130:22

And ... how to do this with IPTABLES?

$> iptables -t filter -A INPUT -i eth1 -d 10.0.0.1 -m tcp -p tcp --dport 22 -j ACCEPT
$> iptables -t nat -A PREROUTING -i eth1 -d 10.0.0.1 -m tcp -p tcp --dport 22 -j DNAT --to-destination 172.16.12.130:22

This adds the rules at the chain tail.

Regards,

Samuel Díaz García
Managing Director
ArcosCom Wireless, S.L.L.

mailto:samueldg@xxxxxxxxxxxx
http://www.arcoscom.com
mobile: 651 93 72 48
tel/fax: 956 70 13 15


-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jason Opperisano
Sent: Thursday, September 23, 2004 18:15
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: Can anyone tell me how to do this?


On Thu, 2004-09-23 at 11:14, Dominic Iadicicco wrote:
> yes
>
> > wrote: On Thu, 2004-09-23 at 09:22, Dominic Iadicicco wrote:
> > ok, I have another one for all.
> >
> > I have now been trying to do this:
> >
> > I have an IP, 10.0.0.1 on eth1 and an IP 172.16.12.130
> > at eth0. And here's where things get fun. I want all
> > ssh requests that go to 10.0.0.1 to get routed to
> > 172.16.12.130 just like it worked when we did it from
> > .130 to .212. (if anyone is new and doesn't know what was
> > discussed yesterday, please let me know I will post
> > it.)
>
> are 10.0.0.1 and 172.16.12.130 on the same physical machine?
>
> -j

i hate answering questions with the "why don't you just do it this way"
response, but here goes...

if you have SSH connections being received on 10.0.0.1, and that machine
also has an IP of 172.16.12.130, why don't you just accept the
connections on 10.0.0.1?

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
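
Added example (not from either poster): the two rules above as `iptables-restore` input, assuming, as the thread states, that 10.0.0.1 and 172.16.12.130 are on the same machine. It differs from the posted INPUT rule in one respect: nat PREROUTING runs before filter INPUT, so the filter rule matches the translated destination and uses the conntrack match `--ctorigdst` to admit only flows originally sent to 10.0.0.1. The function names `is_ipv4` and `ssh_dnat_rules` are hypothetical.

```shell
#!/bin/sh
# Added example: prints iptables-restore input only; it never touches the firewall.
# Function names are hypothetical. The values in the final call come from the thread.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ssh_dnat_rules IFACE ORIG_DST NEW_DST PORT
# Emit the DNAT rule plus the filter rule that admits the translated flow.
ssh_dnat_rules() {
    iface=$1 orig=$2 new=$3 port=$4
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    { is_ipv4 "$orig" && is_ipv4 "$new"; } || { echo "bad address" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || { echo "bad port: $port" >&2; return 1; }
    # nat PREROUTING runs before filter INPUT, so INPUT sees the rewritten
    # destination (NEW_DST). --ctorigdst ties the ACCEPT to flows that were
    # originally addressed to ORIG_DST, so NEW_DST is not opened to direct SSH.
    cat <<EOF
*nat
-A PREROUTING -i $iface -d $orig -p tcp -m tcp --dport $port -j DNAT --to-destination $new:$port
COMMIT
*filter
-A INPUT -i $iface -d $new -p tcp -m tcp --dport $port -m conntrack --ctorigdst $orig -j ACCEPT
COMMIT
EOF
}

# Print the rule set for the addresses and interface named in the thread.
ssh_dnat_rules eth1 10.0.0.1 172.16.12.130 22
```

To load the output without flushing existing rules, pipe it to `iptables-restore --noflush` as root; `iptables-restore --test` parses it without committing.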
