Can anyone tell me how to do this?
Jason Opperisano
opie at 817west.com
Wed Sep 22 16:29:43 CEST 2004
On Wed, 2004-09-22 at 10:09, Dominic Iadicicco wrote:
> Hello all,
>
> Can anyone tell me how to do this so that I may ask
> some questions afterword's in hopes to learn a little
> more about iptables.
learning more about iptables is a nice goal to have. sometimes i wish
it was just as glamorous for people to want to learn more about routing
and the OSI model, before becoming super l33t firewall gurus...but i
digress...
> This is what I would like to try. I think this would
> get me to the next level.
>
> My devil-Box is at 172.16.12.130 and I want all ssh
> request to this .130 address, to go to address
> 172.16.12.212. How do I do this? All machines are
> on the 172.16.12.x subnet for right now.
iptables -t nat -A PREROUTING -p tcp --dport 22 \
-d 172.16.12.130 -j DNAT --to-destination 172.16.12.212
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -d 172.16.12.212 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp --dport 22 \
-d 172.16.12.212 -j SNAT --to-source 172.16.12.130
sysctl -w net.ipv4.ip_forward=1
-j
--
Jason Opperisano <opie at 817west.com>
More information about the netfilter
mailing list