[Techtalk] remote SSH and NAT

Mary mary-linuxchix at puzzling.org
Sun Mar 12 13:23:06 EST 2006

On Sat, Mar 11, 2006, Carla Schroder wrote:
> Can I write rules that will let me log directly into stinkpad, or any other 
> LAN host, without having to log into windbag first? Assume all LAN hosts have 
> private, non-routable addresses. Local name resolution is /etc/hosts.

I typically forward a port on windbag, so that when you connect to port
10000 of windbag, windbag pops you right through to port 22 (SSH) of

I've tended to do it with IP addresses, but I don't think there's any
reason not to do it with names that will look up. But sticking with what
I know, lets say that windbag can reach stinkpad on IP address,
and that windbag's external (world) facing interface is eth0:

iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 10000 -j DNAT --to-destination 

Then from the outside world you can do:
$ ssh -p 10000 windbag
and you'll be sent through to stinkpad directly.


More information about the Techtalk mailing list