[Techtalk] remote SSH and NAT

Mary mary-linuxchix at puzzling.org
Sun Mar 12 13:23:06 EST 2006


On Sat, Mar 11, 2006, Carla Schroder wrote:
> Can I write rules that will let me log directly into stinkpad, or any other 
> LAN host, without having to log into windbag first? Assume all LAN hosts have 
> private, non-routable addresses. Local name resolution is /etc/hosts.

I typically forward a port on windbag, so that when you connect to port
10000 of windbag, windbag pops you right through to port 22 (SSH) of
stinkpad.

I've tended to do it with IP addresses, but I don't think there's any
reason not to do it with names that will look up. But sticking with what
I know, let's say that windbag can reach stinkpad on IP address 10.0.0.2,
and that windbag's external (world) facing interface is eth0:

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 10000 -j DNAT --to-destination 10.0.0.2:22

Then from the outside world you can do:
$ ssh -p 10000 windbag
and you'll be sent through to stinkpad directly.

-Mary
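
Added example, not part of Mary's message: a shell sketch that validates its inputs and prints the full rule set for this forward, including the FORWARD rules windbag needs if its FORWARD policy is not ACCEPT, with an optional source restriction so stinkpad's sshd is not reachable from every address. The function names and the 203.0.113.0/24 source range are constructed for illustration; the rules are printed, not applied.

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules for one SSH port forward.
# gen_forward and the 203.0.113.0/24 source range are constructed for illustration.

# Succeeds if $1 is an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeeds if $1 is a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_forward EXT_IF EXT_PORT LAN_IP [SRC_CIDR]
gen_forward() {
    ext_if=$1 ext_port=$2 lan_ip=$3 src=${4:-}
    case "$ext_if" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_port "$ext_port" || { echo "bad port: $ext_port" >&2; return 1; }
    valid_ipv4 "$lan_ip" || { echo "bad address: $lan_ip" >&2; return 1; }
    case "$src" in *[!0-9./]*) echo "bad source: $src" >&2; return 1 ;; esac
    match="-i $ext_if -p tcp"
    if [ -n "$src" ]; then match="$match -s $src"; fi
    # nat table: rewrite the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING $match --dport $ext_port -j DNAT --to-destination $lan_ip:22"
    # filter table: the rewritten packet now targets LAN_IP:22 and crosses FORWARD.
    echo "iptables -A FORWARD $match -d $lan_ip --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Forward as in the message, limited to a constructed admin source range.
gen_forward eth0 10000 10.0.0.2 203.0.113.0/24
```

Review the printed rules before running them as root on windbag; omitting the fourth argument reproduces the unrestricted forward from the message.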

