Linux - Networking
I tried first with an ssh tunnel. But it works only from the internal network
(ssh -p 2222 -N -g -f -L 6789:192.168.1.5:22 root@82.14.14.14). I tried to add the following rule to the firewall script, but I always get that the connection timed out: iptables -A INPUT -i eth1 -p udp --dport 6789 -j ACCEPT (eth1 is the firewall NIC on the internet side).
I presume that the timed-out connection is caused by a firewall rule. What do I have to add, or is it better to work with iptables port forwarding? (iptables -t nat -A PREROUTING -p tcp --dport 6789 -j DNAT --to 192.168.1.5:22)
There is also an ssh daemon running on the firewall.
my real understanding on ssh tunnels isn't too hot, but you need a port available on the firewall to go through, which you've not mentioned. you'd then need to run your internal ssh port on that open port number. maybe port 80, 25 or 443 are accessible through the firewall? if so, set up sshd_config on the internal machine to listen on that port too. in reality though, this isn't actually using a tunnel at all, just changing the port number. seems to be what you want though.
Sorry, but I didn't mention the port in my text. The tunnel is created with 'ssh -p 2222 -N -g -f -L 6789:192.168.1.5:22 root@82.14.14.14'. So on the firewall, I have an input port 6789 and this should be forwarded to the internal PC 192.168.1.5:22 (sshd of this PC). I don't encounter problems if I try to connect from e.g. 192.168.1.6 (another internal PC) via 'ssh -p 6789 root@82.14.14.14'; I am redirected immediately to 192.168.1.5.
There is an SSH daemon running on the firewall (port 2222).
# If you have a web server internally behind the firewall box, forward external http requests
# to the internal web server by uncommenting the rules below (this can be done for other
# servers/services as well). Internal requests made by network machines can be made through
# a proxy if you do not have a DNS server.
#iptables -t nat -A PREROUTING -i eth0 -p tcp -d 24.17.27.103 --dport 80 -j DNAT --to-destination 192.168.0.4:80
#iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.0.4 --dport 80 -j ACCEPT
# Note: the DNATed packet is routed, so it passes FORWARD (not INPUT), and the replies
# (eth1 -> eth0) pass FORWARD too; they must be accepted there, e.g. by a general
# ESTABLISHED,RELATED rule, or the connection hangs after the first packet.
# Conntrack reverses the DNAT on replies automatically, so the SNAT below is not needed
# for the reply path; it is for connections the internal web server itself originates
# towards the internet. Uncomment it only if you need that:
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.4 -j SNAT --to-source 24.17.27.103
I tried your proposal, but without positive changes. I had to replace eth0 with eth1 and vice versa because eth1 is the internet-side NIC. This is what I added. I killed the process 'ssh -p 2222 -N -g -f -L 6789:192.168.1.5:22 root@82.14.14.14' first.
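An added example (my own, not code posted in the thread): a POSIX shell script that prints, or applies, a complete rule set for each of the two approaches discussed, using the thread's values (eth1 = internet-side NIC, internal sshd at 192.168.1.5:22, external port 6789). eth0 as the LAN NIC and ALLOWED_SRC (an admin source address to limit the exposed port to) are assumptions. The point it makes: the 'ssh -g -L' listener is a socket on the firewall itself, so its packets are TCP delivered locally through INPUT; a DNATed packet is routed, so it crosses FORWARD instead, needs ip_forward=1, and needs the reply direction accepted. An INPUT rule, and a udp one at that, never matches either flow.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (default) or applies the rules
# for exposing the internal sshd at 192.168.1.5:22 on the firewall's port 6789.
# Assumptions: eth0 is the LAN NIC; ALLOWED_SRC is the admin address you want
# to limit the exposed port to (0.0.0.0/0 = anyone, the thread's situation).
WAN=${WAN:-eth1}            # internet-side NIC (from the thread)
LAN=${LAN:-eth0}            # LAN-side NIC (assumed)
EXT_PORT=${EXT_PORT:-6789}
INT_HOST=${INT_HOST:-192.168.1.5}
INT_PORT=${INT_PORT:-22}
ALLOWED_SRC=${ALLOWED_SRC:-0.0.0.0/0}   # e.g. 203.0.113.7/32 (assumed admin IP)
IPT=${IPT:-iptables}

# Approach 1: 'ssh -g -f -N -L 6789:192.168.1.5:22 ...' run on the firewall.
# The listener is a socket ON the firewall, so packets to :6789 are delivered
# locally and must be accepted in INPUT. sshd is TCP; a '-p udp' rule never matches.
tunnel_listener_rules() {
    echo "$IPT -A INPUT -i $WAN -p tcp -s $ALLOWED_SRC --dport $EXT_PORT -m conntrack --ctstate NEW -j ACCEPT"
}

# Approach 2: kernel DNAT. nat/PREROUTING rewrites the destination, then the
# packet is routed, so it crosses FORWARD (not INPUT). Forwarding must be on,
# and replies (LAN -> WAN) must be accepted too; conntrack undoes the DNAT on
# replies by itself, so no SNAT is needed for the reply path.
dnat_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "$IPT -t nat -A PREROUTING -i $WAN -p tcp -s $ALLOWED_SRC --dport $EXT_PORT -j DNAT --to-destination $INT_HOST:$INT_PORT"
    echo "$IPT -A FORWARD -i $WAN -o $LAN -p tcp -s $ALLOWED_SRC -d $INT_HOST --dport $INT_PORT -m conntrack --ctstate NEW -j ACCEPT"
    echo "$IPT -A FORWARD -i $LAN -o $WAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Where to look when it still times out (commands to run on the firewall).
check_commands() {
    # Approach 1: the listener must be bound to 0.0.0.0, not 127.0.0.1 (that is what -g gives you).
    echo "ss -tlnp 'sport = :$EXT_PORT'"
    # Approach 2: packet counters show which rule (if any) the packet reached.
    echo "$IPT -t nat -L PREROUTING -n -v --line-numbers"
    echo "$IPT -L FORWARD -n -v --line-numbers"
    echo "sysctl net.ipv4.ip_forward"
}

case "${1:-print}" in
    apply-tunnel) tunnel_listener_rules | sh ;;
    apply-dnat)   dnat_rules | sh ;;
    *)            tunnel_listener_rules; dnat_rules; check_commands ;;
esac
```

Run it without arguments to review the generated commands, then `sh fw.sh apply-dnat` (or `apply-tunnel`) as root. One caveat worth keeping in mind with either approach: whoever can reach port 6789 talks directly to the sshd on 192.168.1.5. The root login on port 2222 only authenticates the tunnel's own hop on the firewall, not the users coming through it, so set ALLOWED_SRC to your own address rather than leaving the port open to the whole internet.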