FW: DNAT SSH

nilesh vaghela nileshj.vaghela at gmail.com
Thu Jan 31 07:38:43 UTC 2008


I think the following can work.

> 1. -s anywhere --dport 5000 -j DNAT --to-destination :22

-s subnet --dport 5000 -j DNAT --to-destination :22

This will do NATing only for the subnet.

Thanks.
>
> FILTER INPUT chain:
>
> 2. -s subnet --dport 22 -j ACCEPT
>
> 3. all others -j REJECT
>
> The problem is the packet arrives on 5000 and is natted to 22 correctly
> (1. - all good so far),
> but because its source IP is not the local subnet (defined in 2.), it is
> rejected in the filter
> INPUT chain (3).
>
> So I'm thinking something like the following:
>
> a. can the packet bypass the INPUT filter chain?
> b. how can I identify my natted packet within the INPUT filter chain and
> thus ACCEPT it?
>
> Regards,
> Geofrey Rainey.



-- 
Nilesh Vaghela
ElectroMech
Redhat Channel Partner and Training Partner
74, Nalanda Complex, Satellite Rd, Ahmedabad
25, The Emperor, Fatehgunj, Baroda.
www.electromech.info
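
Added example, not part of the original thread or either poster's configuration: one way to answer question (b) is to let the filter INPUT chain recognise the NATed connection through connection tracking, so rules 2 and 3 stay as they are. The subnet value is a constructed placeholder and the function names are hypothetical; the script only prints an iptables-restore ruleset and applies nothing.

```shell
#!/bin/sh
# Added example: prints a ruleset in iptables-restore format, applies nothing.
# SUBNET is a constructed placeholder (TEST-NET-1), not a value from the thread.
SUBNET="${SUBNET:-192.0.2.0/24}"

# build_ruleset SUBNET: the three rules from the thread plus one conntrack rule.
build_ruleset() {
    subnet="$1"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Rule 1 from the thread: any source, TCP port 5000 is rewritten to local port 22.
-A PREROUTING -p tcp --dport 5000 -j DNAT --to-destination :22
COMMIT
*filter
:INPUT ACCEPT [0:0]
# Rule 2 from the thread: direct SSH on port 22 only from the local subnet.
-A INPUT -s $subnet -p tcp --dport 22 -j ACCEPT
# Added rule: by the time INPUT runs the packet already shows port 22, so the
# source-based rule above cannot tell it apart from a direct connection.
# Conntrack still knows the connection was destination-NATed and which port
# the client originally dialled, so match on that instead of the source.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate DNAT --ctorigdstport 5000 -j ACCEPT
# Rule 3 from the thread: everything else is refused.
-A INPUT -j REJECT
COMMIT
EOF
}

# accept_before_reject SUBNET: returns 0 only when the conntrack accept rule
# sits above the final refuse rule; in the other order it would never be reached.
accept_before_reject() {
    build_ruleset "$1" | awk '
        /--ctstate DNAT/ { a = NR }
        /-j REJECT/      { r = NR }
        END { exit !(a && r && a < r) }'
}

# Print the ruleset for review when the script is run directly.
build_ruleset "$SUBNET"
```

The output can be syntax-checked without committing it by piping it to `iptables-restore --test` as root. Direct connections to port 22 from outside the subnet are still refused, because they carry no DNAT state.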



