[Techtalk] remote SSH and NAT
Carla Schroder
carla at bratgrrl.com
Sun Mar 12 13:13:36 EST 2006
All right NAT gurus, here's your chance to strut your stuff. I've always taken
the lazy way to SSH into LANs. I make an iptables rule to allow SSH into the
gateway box:

-A INPUT -p tcp --dport 22 --sport 1024:65535 -m state --state NEW -j ACCEPT

Then I log into the gateway box, then log in from there to whatever LAN host I
need to get into. Remotehost is a remote PC on a different network. windbag
is my gateway/firewall, and stinkpad is a LAN host. Windbag and stinkpad are
on 192.168.1.0/24. Windbag has two NICs, wan and lan.

carla@remotehost:~$ ssh windbag.foo.net
carla@windbag.foo.net's password:
Linux windbag 2.6.12-10-386 #1 Mon Feb 13 12:13:15 UTC 2006 i686 GNU/Linux
Last login: Sat Mar 11 17:07:24 2006 from foo-29.isp.net
carla@windbag:~$ ssh stinkpad
carla@stinkpad's password:
Last login: Sat Mar 11 17:07:50 2006 from windbag.foo.net
[carla@stinkpad ~]$

Can I write rules that will let me log directly into stinkpad, or any other
LAN host, without having to log into windbag first? Assume all LAN hosts have
private, non-routable addresses. Local name resolution is /etc/hosts.

thanks!
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
check out my "Linux Cookbook", the ultimate Linux user's
and sysadmin's guide! http://www.oreilly.com/catalog/linuxckbk/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
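
One way to get the direct logins asked about above is a per-host port forward on windbag, shown here as an added example that is not part of the original post. The interface name "wan", stinkpad's address 192.168.1.76 and the external port 2201 are assumptions; the script checks each mapping before emitting DNAT and FORWARD rules in iptables-restore format.

```shell
#!/bin/sh
# Added example: emit iptables-restore rules giving each LAN host its own
# WAN-side SSH port on the gateway (windbag).
# Assumptions, not from the post: interface name "wan", stinkpad's address
# 192.168.1.76, and the external port numbers.
WAN_IF="wan"
LAN_PREFIX="192.168.1."   # the post's LAN, 192.168.1.0/24
NL='
'

# gen_rules: read "ext_port lan_ip" pairs on stdin, print a ruleset.
# Prints nothing and returns 1 if any pair is invalid.
gen_rules() {
    nat=""; fwd=""; seen=" "
    while read -r port ip; do
        [ -n "$port" ] || continue
        case "$port" in *[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        # Stay off 22 (windbag's own sshd) and the other privileged ports.
        { [ "$port" -ge 1024 ] && [ "$port" -le 65535 ]; } ||
            { echo "port out of range: $port" >&2; return 1; }
        # Two hosts on one external port: the second rule would never match.
        case "$seen" in *" $port "*) echo "duplicate port: $port" >&2; return 1 ;; esac
        seen="${seen}${port} "
        # Only forward to addresses inside the LAN /24.
        octet="${ip#"$LAN_PREFIX"}"
        case "$octet" in ''|*[!0-9]*) echo "not a LAN address: $ip" >&2; return 1 ;; esac
        { [ "$octet" -ge 1 ] && [ "$octet" -le 254 ]; } ||
            { echo "not a host address: $ip" >&2; return 1; }
        # DNAT rewrites the destination before routing; FORWARD then sees
        # the LAN address and port 22, so that is what it must match.
        nat="${nat}-A PREROUTING -i ${WAN_IF} -p tcp --dport ${port} -j DNAT --to-destination ${ip}:22${NL}"
        fwd="${fwd}-A FORWARD -i ${WAN_IF} -p tcp -d ${ip} --dport 22 -m state --state NEW -j ACCEPT${NL}"
    done
    printf '*nat\n%sCOMMIT\n' "$nat"
    printf '*filter\n-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT\n%sCOMMIT\n' "$fwd"
}

# Constructed sample mapping; load the output with: iptables-restore --noflush
gen_rules <<'EOF'
2201 192.168.1.76
EOF
```

With these rules loaded, `ssh -p 2201 windbag.foo.net` from remotehost reaches stinkpad's sshd without a shell on windbag. Each forwarded port puts one more sshd on the WAN side, so every LAN host mapped this way needs the same hardening as the gateway.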