Nicolas Ross wrote: In my nat table I have:
-A PREROUTING -s 192.168.7.0/24 -d e.f.g.h -p tcp --dport 22 -j DNAT --to-destination e.f.g.h:8022
Wait, maybe I missed something.
Are you sure e.f.g.h and e.f.g.h:8022 are the same IP address in the rule above? Also is e.f.g.h in the 192.168.7.0/24 network? Is e.f.g.h the router itself?
I'll just recap a little, for my own benefit, and for you all also...
I have a local office subnet (192.168.7.x), which is behind a netfilter linux firewall/router
192.168.7.x/24 -> iptables/router SNAT --to-source a.b.c.d -> internet
e.f.g.h in my quoted example above, isn't related at all with the router (which is a.b.c.d on the internet).
The goal of all this is to use regular, port 22, sshd on all my servers (i.e. outside of my local office subnet), and enforce more secure login policies in sshd config. For my "trusted" local office subnet, I have less secure login policies in my sshd config on port 8022. But I want users in my local to ssh out on port 22, and transparently redirect them to port 8022...
Nicolas
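To make the semantics of the rule in this thread concrete, here is an added example (not part of the original thread and not code from Nicolas or the list) that generates one such PREROUTING DNAT rule per server and then simulates netfilter's first-match evaluation against a few constructed connections. The addresses are constructed placeholders: 203.0.113.10 and 203.0.113.11 stand in for two servers (e.f.g.h), and 198.51.100.1 for the router's public address (a.b.c.d). It shows why the reply's question about -d matters: the rule only rewrites traffic whose original destination is exactly the server named in -d, from the office subnet, to port 22. It also generalises the single rule on the page to a list of servers.

```python
import ipaddress
import shlex

# Constructed sample topology (TEST-NET addresses, not real hosts).
OFFICE_NET = "192.168.7.0/24"          # trusted local office subnet
SERVERS = ["203.0.113.10", "203.0.113.11"]  # stand-ins for e.f.g.h
ROUTER_PUBLIC = "198.51.100.1"         # stand-in for a.b.c.d (SNAT source)


def dnat_rule_for(server, office_net=OFFICE_NET, from_port=22, to_port=8022):
    """Emit the nat-table rule from the thread for one server: office clients
    that connect to server:22 are transparently sent to server:8022."""
    return (f"-A PREROUTING -s {office_net} -d {server} -p tcp --dport {from_port} "
            f"-j DNAT --to-destination {server}:{to_port}")


def parse_dnat_rule(rule):
    """Parse the subset of iptables syntax used above into match fields plus
    the rewrite target. Anything outside that subset raises, rather than
    silently being ignored."""
    toks = shlex.split(rule)
    r = {"chain": None, "src": None, "dst": None, "proto": None, "dport": None, "to": None}
    i = 0
    while i < len(toks):
        t, arg = toks[i], toks[i + 1] if i + 1 < len(toks) else None
        if t == "-A":
            r["chain"] = arg
        elif t == "-s":
            r["src"] = ipaddress.ip_network(arg, strict=False)
        elif t == "-d":
            r["dst"] = ipaddress.ip_network(arg, strict=False)
        elif t == "-p":
            r["proto"] = arg
        elif t == "--dport":
            r["dport"] = int(arg)
        elif t == "-j":
            if arg != "DNAT":
                raise ValueError("only the DNAT target is modelled here")
        elif t == "--to-destination":
            ip, _, port = arg.rpartition(":")
            r["to"] = (ip, int(port))
        else:
            raise ValueError(f"unsupported token: {t}")
        i += 2
    return r


def apply_rules(rules, src, dst, proto, dport):
    """Walk the PREROUTING chain in order; the first rule whose every match
    field fits the connection rewrites the destination. No match: unchanged."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["chain"] != "PREROUTING":
            continue
        if r["src"] is not None and src_ip not in r["src"]:
            continue
        if r["dst"] is not None and dst_ip not in r["dst"]:
            continue
        if r["proto"] is not None and r["proto"] != proto:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["to"]
    return (dst, dport)


# One rule per server, as the thread's setup implies.
RULES = [parse_dnat_rule(dnat_rule_for(s)) for s in SERVERS]


def where_does_it_land(src, dst, dport):
    """Convenience wrapper for TCP connections; returns (ip, port) the
    server actually receives on."""
    return apply_rules(RULES, src, dst, "tcp", dport)


if __name__ == "__main__":
    for r in (dnat_rule_for(s) for s in SERVERS):
        print(r)
    print(where_does_it_land("192.168.7.25", "203.0.113.10", 22))  # office -> server:22 is rewritten
    print(where_does_it_land("10.0.0.5", "203.0.113.10", 22))      # not from the office net: untouched
    print(where_does_it_land("192.168.7.25", "203.0.113.10", 443)) # not port 22: untouched
```

Because the office traffic is also SNATed to a.b.c.d before it leaves the router, the servers see the redirected connections arriving on port 8022 from the router's public address, not from 192.168.7.0/24; any per-source policy on the server side (a firewall rule or an sshd Match block) therefore has to key on a.b.c.d.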