Hello!
I have 3 servers interconnected with IPs 192.168.150.1-3. First two has internet connection and third first server uses them as gateways. After googling and reading howtos I managed to get it working: The firewall for ssh on first server is defined
Code:
...
iptables -A EXTIN -p tcp --dport 23 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.150.3 --dport 22 -j ACCEPT
iptables -t nat -A POSTROUTING -d 192.168.150.3 -p tcp --dport 22 -j SNAT --to 192.168.150.1
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 23 -j DNAT --to 192.168.150.3:22
...
On Seconds server:
Code:
...
iptables -A EXTIN -p tcp --dport 23 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.150.3 --dport 22 -j ACCEPT
iptables -t nat -A POSTROUTING -d 192.168.150.3 -p tcp --dport 22 -j SNAT --to 192.168.150.2
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 23 -j DNAT --to 192.168.150.3:22
...
And on third route is defined like this:
Code:
ip route add default scope global nexthop via 192.168.150.1 dev eth0 nexthop via 192.168.150.2 dev eth0
It works, but the problem is that connections on third server are shown that their connected from 192.168.150.1 or 192.168.150.2.
Are there is any way to keep original connection source address, when connecting to 192.168.150.3?
Thanks in advance,
Aigars