Forwarding to diffrent subnets

Durham · 11-03-2006, 05:41 PM

This is the scenario:

Code:

               /---- Firewall1 ----- Server & net 1
              /
--Firwall----------- Firewall2 ----- Server & net 2
              \
               \---- Firewall3 ----- Server & net 3

How can I ssh directly to anyone of the 3 servers form the outside?
I have forwarded port 22 so that I'm able to reach server 1 from the outside.
From server1 I can ssh to the two other servers.

Is it possible to get direct access to all of the servers?

pljvaldez · 11-03-2006, 06:21 PM

Yes, but what you have to do is use non-standard ports for the other two servers. So map port 10022 to server 2 port 22 and 11022 to server 3 port 22. Then when you invoke ssh from outside, you have to make it use port 10022 for server 2 and 11022 for server 3.

Durham · 11-04-2006, 06:14 AM

OK, for server1 it's easy, and I understand what's happening.

--ssh port22 -->firewall---> 22:firewall1:22 ---> 22:server1

But I don't understand how to forward the ports 10022 and 11022

pljvaldez · 11-06-2006, 11:57 AM

Well, on your firewall box, you have to create a specific port forwarding rule for each box. This is dependent on what type of firewall/router you have. I have a linksys with 3rd party firmware as my home router, so I can just upload a custom firewall/NAT using fwbuilder. Most home routers have a page where you can create special rules for specific ports. Sorry I can't help you much with that. But then you'll call ssh with the -D option for the specific port to your outside firewall.

ssh -D 10022 --> 10022:firewall --> 22:firewall2 --> 22:server2
ssh -D 11022 --> 11022:firewall --> 22:firewall3 --> 22:server3