What I'm trying to do isn't working...
In my nat table I have:
-A PREROUTING -s 192.168.7.0/24 -d e.f.g.h -p tcp --dport 22 -j DNAT --to-destination e.f.g.h:8022
So that when a host on the local subnet opens an ssh connection to e.f.g.h, the destination port is changed to 8022.
The connection starts; on e.f.g.h, I see a tcp connection (with netstat) in SYN_SENT state.
On the router, in /proc/net/ip_conntrack, I see:
tcp 6 97 SYN_SENT src=192.168.7.191 dst=e.f.g.h sport=2983 dport=8022 [UNREPLIED] src=e.f.g.h dst=192.168.7.191 sport=8022 dport=2983 use=1
and the ssh connection never gets established.
On my desktop, if I establish an ssh connection on port 8022, it works OK.
What am I missing?
Nicolas
----- Original Message -----
From: "Jason Opperisano" <opie@xxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, March 22, 2005 6:29 AM
Subject: Re: Altering a packet's port
On Mon, 2005-03-21 at 20:27, Nicolas Ross wrote:
> I saw that in the man page, but I need to do this for ALL hosts to specific subnets, and many hosts. So I'll have to define one rule for EACH host I need a redirect (something like 50 to 75)?
for loop?
-j
-- "How much is your penny candy? Surprisingly expensive." --The Simpsons
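An added example, not part of the original messages: a small parser for tcp/udp lines in the /proc/net/ip_conntrack format quoted above, which reports whether an entry carries a DNAT or SNAT rewrite by comparing the original tuple with the reply tuple. The sample lines are constructed, 203.0.113.10 is a placeholder for the elided address e.f.g.h, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the /proc/net/ip_conntrack format quoted above.
# 203.0.113.10 is a placeholder standing in for the elided address e.f.g.h.
AS_POSTED = ("tcp 6 97 SYN_SENT src=192.168.7.191 dst=203.0.113.10 sport=2983 "
             "dport=8022 [UNREPLIED] src=203.0.113.10 dst=192.168.7.191 "
             "sport=8022 dport=2983 use=1")
WITH_DNAT = AS_POSTED.replace("dport=8022 [UNREPLIED]", "dport=22 [UNREPLIED]")

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_conntrack(line):
    """Split one tcp/udp conntrack line into its original and reply tuples."""
    tuples = TUPLE_RE.findall(line)
    if len(tuples) != 2:
        raise ValueError("expected an original and a reply tuple: %r" % line)
    keys = ("src", "dst", "sport", "dport")
    orig, reply = (dict(zip(keys, t)) for t in tuples)
    fields = line.split()
    return {
        "proto": fields[0],
        "state": fields[3] if fields[0] == "tcp" else None,
        "unreplied": "[UNREPLIED]" in fields,
        "orig": orig,
        "reply": reply,
    }


def nat_mapping(entry):
    """Report the NAT rewrite an entry carries, if any.

    Without NAT the reply tuple is the original tuple mirrored. A DNAT
    rewrite shows up as a reply source that differs from the original
    destination; an SNAT rewrite as a reply destination that differs from
    the original source.
    """
    o, r = entry["orig"], entry["reply"]
    dnat = snat = None
    if (r["src"], r["sport"]) != (o["dst"], o["dport"]):
        dnat = "%s:%s" % (r["src"], r["sport"])
    if (r["dst"], r["dport"]) != (o["src"], o["sport"]):
        snat = "%s:%s" % (r["dst"], r["dport"])
    return {"dnat": dnat, "snat": snat}


if __name__ == "__main__":
    for line in (AS_POSTED, WITH_DNAT):
        e = parse_conntrack(line)
        print(e["orig"]["dport"], e["state"], e["unreplied"], nat_mapping(e))
```

An entry whose original tuple already lists dport=8022 reports no DNAT mapping, while a connection rewritten by a `--dport 22 ... --to-destination ...:8022` rule lists dport=22 in the original tuple and sport=8022 in the reply tuple.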