Hey there,
I have a problem finding the right iptables configuration to forward SSH through my firewall to another server in the local net. This server uses another gateway; I think that's my problem. If the firewall is my gateway, there is no problem.
Here are my iptables rules, which work if my gateway is the firewall.
Code:
iptables -A INPUT -p tcp --dport ssh -i ${WAN} -j ACCEPT
iptables -A FORWARD -p tcp -i ${WAN} -o ${LAN} --dport ssh -d ${DSERVER} -j ACCEPT
iptables -A FORWARD -p tcp -i ${LAN} -o ${WAN} --sport ssh -s ${DSERVER} -j ACCEPT
iptables -t nat -A PREROUTING --dst ${WANIP} -p tcp --dport ssh -j DNAT --to-destination ${DSERVER}
iptables -t nat -A POSTROUTING ! -d ${LOCALNET} -j SNAT --to-source ${WANIP}
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > "$f" ; done
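
Added example, not part of the original post: with DNAT alone the internal server sees the client's real source address and answers through its own default gateway, so the reply never passes back through the firewall's connection tracking. One common way to handle this is to also SNAT the forwarded connection to the firewall's LAN address, sketched below as a dry run. `LANIP` and all sample addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. LANIP (the firewall's own
# address on the LAN side) is an assumed variable; the others are the post's.
# Constructed sample values, overridable from the environment:
: "${WAN:=eth0}" "${LAN:=eth1}"
: "${WANIP:=203.0.113.10}" "${LANIP:=192.168.1.1}" "${DSERVER:=192.168.1.20}"
# Dry run by default: the commands are only printed.
# Set IPT=iptables (as root) to apply them.
: "${IPT:=echo iptables}"

ssh_forward_rules() {
    # Inbound SSH to the WAN address: rewrite the destination to the server.
    $IPT -t nat -A PREROUTING -i "$WAN" -d "$WANIP" -p tcp --dport ssh \
        -j DNAT --to-destination "$DSERVER"
    # Rewrite the source to the firewall's LAN address as well, so the server
    # replies to the firewall (same subnet) instead of to its other gateway.
    $IPT -t nat -A POSTROUTING -o "$LAN" -d "$DSERVER" -p tcp --dport ssh \
        -j SNAT --to-source "$LANIP"
    # Allow the forwarded connection: new and established packets inbound,
    # established packets only on the way back out.
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -d "$DSERVER" -p tcp --dport ssh \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$DSERVER" -p tcp --sport ssh \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

ssh_forward_rules
```

With this SNAT rule, sshd on the internal server logs the firewall's LAN address as the source of every forwarded login, so per-client logging and rate limiting have to be done on the firewall.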