Dear Netfilter list people
I'm trying to build some netfilter rules so my linux box can forward a telnet connection made on
a machine on my network (lets say "Box-A") to another machine in my network (lets say "Box-B").
Box-A is just another server in the network, but Box-B is special: its a firewalled access
gateway to a client's network, and it is setted up in a way that only telnet connections from
Box-A are accepted (that's my client's security policy, and I don't have any chances on change
this).
On the other hand, many folks from my company need access to that client network, and I don't
want everybuddy needing access to Box-B to connect on Box-A (thats local security policy).
So I tried to use two simple rules that could allow me to forward the connections:
###################################
# /etc/hosts file
# This aliases are in /etc/hosts format, to easy comprehension
box-a.local 192.168.0.6
box-b.local 192.168.0.34
# EOF #############################
###################################
# Redirection script file
# This should re-write incomming connections before routing
# after routing process, they should go to the right host.
iptables -t nat -A PREROUTING -p tcp \
-d box-a.local --destination-port 2200 \
--jump DNAT --to-destination box-b.local:2222
# This should re-write outgoing connections after routing,
# so they appear to originate from the Box-A host.
iptables -t nat -A POSTROUTING -p tcp \
-d box-b.local --destination-port 2222 \
--jump SNAT --to-source box-a.local
# EOF #############################
Oh, well, now begin my problem: this doesn't work, and I don't have any ideas to correct the
problem. I even know what is broken, sadly... :-/ Please help me.
Thank you all very much for desining, maintaining and supporting such a nice tool like
Netfilter.
Best regards.
_______________________________________________________
Yahoo! Acesso Grátis: Internet rápida e grátis.
Instale o discador agora!
http://br.acesso.yahoo.com/
