[Techtalk] remote SSH and NAT

Carla Schroder carla at bratgrrl.com
Sun Mar 12 13:13:36 EST 2006

All right NAT gurus, here's your chance to strut your stuff. I've always taken 
the lazy way to SSH into LANs. I make an iptables rule to allow SSH into the 
gateway box:

-A INPUT -p tcp --dport 22 --sport 1024:65535 -m state --state NEW -j ACCEPT

Then I log into the gateway box, then log in from there to whatever LAN host I 
need to get into. Remotehost is a remote PC on a different network. windbag 
is my gateway/firewall, and stinkpad is a LAN host. Windbag and stinkpad are 
on Windbag has two NICs, wan and lan.

carla@remotehost:~$ ssh windbag.foo.net
carla@windbag.foo.net's password:
Linux windbag 2.6.12-10-386 #1 Mon Feb 13 12:13:15 UTC 2006 i686 GNU/Linux
Last login: Sat Mar 11 17:07:24 2006 from foo-29.isp.net

carla@windbag:~$ ssh stinkpad
carla@stinkpad's password:
Last login: Sat Mar 11 17:07:50 2006 from windbag.foo.net

[carla@stinkpad ~]$

Can I write rules that will let me log directly into stinkpad, or any other 
LAN host, without having to log into windbag first? Assume all LAN hosts have 
private, non-routable addresses. Local name resolution is /etc/hosts.

 Carla Schroder
 check out my "Linux Cookbook", the ultimate Linux user's
 and sysadmin's guide! http://www.oreilly.com/catalog/linuxckbk/
