Forward ssh to an internal server not working

Hello.

Can someone please tell me why I cannot access a machine inside my LAN from outside? These are my rules to try to accomplish that task:

$iptables -t nat -A PREROUTING -i $EXT_IFACE -p tcp \
        -s $UNIVERSE --sport $UNPRIVPORTS -d $EXT_IP --dport 22 \
        -j DNAT --to-destination 172.16.0.200:22

$iptables -A FORWARD -i $EXT_IFACE -o $LAN_IFACE -p tcp \
        -s $UNIVERSE --sport $UNPRIVPORTS -d 172.16.0.200 --dport 22 \
        -m state --state NEW -j ACCEPT

$iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

What am I doing wrong?

When I try to ssh from outside our network I can see it gets to the prerouting, but nothing gets forwarded:

Chain PREROUTING (policy ACCEPT 1223 packets, 93798 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  374 19224 REDIRECT   tcp  --  eth0   *       172.16.0.0/16        0.0.0.0/0           tcp spts:1024:65535 dpt:80 redir ports 3128 
    0     0 REDIRECT   tcp  --  eth0   *       172.16.0.0/16        172.16.0.1          tcp spts:1024:65535 dpt:8080 redir ports 80 
    0     0 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            190.80.4.42         tcp spts:1024:65535 dpt:8080 redir ports 80 
    3   180 DNAT       tcp  --  eth1   *       0.0.0.0/0            190.80.4.42         tcp spts:1024:65535 dpt:22 to:172.16.0.200:22 

Thanks in advance for your help.
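
An added example, not part of the original post: a small Python check that reads `iptables -L -v -n -x` listings and, for each DNAT rule, compares its packet counter with the FORWARD ACCEPT rules that match the translated address and port. The PREROUTING lines are taken from the post; the FORWARD listing, the `eth0` LAN interface and the function names are constructed assumptions.

```python
import ipaddress
import re

# PREROUTING listing as posted, trimmed to the SSH rule.
NAT_PREROUTING = """\
Chain PREROUTING (policy ACCEPT 1223 packets, 93798 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   180 DNAT       tcp  --  eth1   *       0.0.0.0/0            190.80.4.42         tcp spts:1024:65535 dpt:22 to:172.16.0.200:22
"""
# Constructed FORWARD listing, not from the post; eth0 as the LAN interface is assumed.
FILTER_FORWARD = """\
    0     0 ACCEPT     tcp  --  eth1   eth0    0.0.0.0/0            172.16.0.200        tcp spts:1024:65535 dpt:22 state NEW
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
"""

RULE = re.compile(
    r"^\s*(?P<pkts>\d+)\s+\d+\s+(?P<target>\S+)\s+\S+\s+\S+\s+"
    r"(?P<inif>\S+)\s+\S+\s+\S+\s+(?P<dst>\S+)\s*(?P<extra>.*)$")

def parse(listing):
    """Parse rule lines (use -x so counters are plain integers); headers are skipped."""
    matches = filter(None, map(RULE.match, listing.splitlines()))
    return [{**m.groupdict(), "pkts": int(m["pkts"])} for m in matches]

def trace_dnat(nat_rules, fwd_rules):
    """Compare each DNAT rule's counter with FORWARD ACCEPT rules for its translated target."""
    report = []
    for r in nat_rules:
        to = re.search(r"\bto:(\d+(?:\.\d+){3}):(\d+)", r["extra"])
        if r["target"] != "DNAT" or not to:
            continue
        ip, port = ipaddress.ip_address(to.group(1)), to.group(2)
        matches = [f for f in fwd_rules
                   if f["target"] == "ACCEPT" and f["inif"] in ("*", r["inif"])
                   and not f["dst"].startswith("!")  # negated matches are not evaluated
                   and ip in ipaddress.ip_network(f["dst"], strict=False)
                   and re.search(rf"\bdpt:{port}\b", f["extra"])]
        fwd_pkts = sum(f["pkts"] for f in matches)
        if not matches:
            verdict = "no FORWARD ACCEPT rule matches the translated destination"
        elif r["pkts"] > 0 and fwd_pkts == 0:
            verdict = "translated in PREROUTING, never counted in FORWARD"
        else:
            verdict = "counted in FORWARD"
        report.append((f"{ip}:{port}", r["pkts"], fwd_pkts, verdict))
    return report

if __name__ == "__main__":
    print(trace_dnat(parse(NAT_PREROUTING), parse(FILTER_FORWARD)))
```

A non-zero DNAT counter with a zero FORWARD counter narrows the search to what sits between the two hooks: the routing decision (including whether `net.ipv4.ip_forward` is enabled) and any FORWARD rule earlier in the chain.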


      