Hello,
I'm trying to create this setup:
PC1 -> 8080:server -> 22:remotePC
Basically, forward incoming connections on port 8080 to a remote address, port 22.
I have been halfway successful.
Code:
iptables -t nat -I PREROUTING -p tcp -i eth0 -d *server* --dport 8080 -j DNAT --to-destination *server*:22
Works, I can get ssh at port 8080 with 'ssh -p 8080 *server*'. However,
Code:
iptables -t nat -I PREROUTING -p tcp -i eth0 -d *server* --dport 8080 -j DNAT --to-destination *remotePC*:22
doesn't seem to be routing. I believe the problem is that the server doesn't route to the remote address for some strange reason.
iptables shouldn't be the issue here, as everything necessary is allowed (I hope).
Code:
iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-apache (0 references)
target prot opt source destination
Chain fail2ban-couriersmtp (0 references)
target prot opt source destination
Chain fail2ban-postfix (0 references)
target prot opt source destination
Chain fail2ban-ssh (0 references)
target prot opt source destination
I also tried both of these
Code:
iptables -A INPUT -p tcp -m state --state NEW --dport 8080 -i eth0 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -d *server* --dport 8080 -j ACCEPT
and neither of them worked. Nmap says the port is filtered, but it shouldn't be an issue if I can connect to it when it forwards to the local (server) port.
I hope you will help me.
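
An added example, not part of the original post and not the poster's code: a shell check over `iptables-save` text and the `ip_forward` value for what DNAT to a different host needs beyond the PREROUTING rule (kernel forwarding, a return path via SNAT/MASQUERADE, a FORWARD chain that accepts the flow). The function name `dnat_forward_gaps`, the addresses 203.0.113.10 (*server*) and 192.0.2.20 (*remotePC*), the sample rulesets and the `ip_forward` value of 0 are constructed assumptions; the post does not show them.

```shell
#!/bin/sh
# Added example (not from the post). Addresses are constructed placeholders:
# 203.0.113.10 stands for *server*, 192.0.2.20 for *remotePC*.

# dnat_forward_gaps IP_FORWARD RULESET TARGET_IP TARGET_PORT
# RULESET is iptables-save text. Prints the missing prerequisites, or "ok".
dnat_forward_gaps() {
    fwd=$1 rules=$2 port=$4
    ip_re=$(printf '%s' "$3" | sed 's/\./\\./g')   # escape dots for grep -E
    gaps=""

    # 1. The kernel routes packets to another host only with forwarding on.
    [ "$fwd" = "1" ] || gaps="$gaps ip_forward-off"

    # 2. PREROUTING must rewrite the destination to the remote host.
    printf '%s\n' "$rules" |
        grep -Eq -- "^-A PREROUTING .*-j DNAT --to-destination ${ip_re}:${port}\$" ||
        gaps="$gaps no-dnat-rule"

    # 3. DNAT keeps the client's source address, so the remote host replies
    #    directly to the client unless its route back goes through this
    #    server. Heuristic: accept any SNAT/MASQUERADE rule in POSTROUTING.
    printf '%s\n' "$rules" |
        grep -Eq -- '^-A POSTROUTING .*-j (SNAT|MASQUERADE)' ||
        gaps="$gaps no-return-snat"

    # 4. A DROP policy on FORWARD needs an explicit ACCEPT for the new flow.
    if printf '%s\n' "$rules" | grep -q '^:FORWARD DROP'; then
        printf '%s\n' "$rules" |
            grep -Eq -- "^-A FORWARD .*-d ${ip_re}(/32)? .*-j ACCEPT" ||
            gaps="$gaps forward-dropped"
    fi

    gaps=${gaps# }
    printf '%s\n' "${gaps:-ok}"
}

# Constructed iptables-save excerpt (COMMIT lines omitted) matching the
# second rule in the post; ip_forward=0 below is also an assumption.
POST_RULES='*filter
:FORWARD ACCEPT [0:0]
*nat
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.0.2.20:22'
# Same ruleset with a return-path rule added.
FIXED_RULES="$POST_RULES
-A POSTROUTING -d 192.0.2.20/32 -p tcp -m tcp --dport 22 -j MASQUERADE"

dnat_forward_gaps 0 "$POST_RULES" 192.0.2.20 22
dnat_forward_gaps 1 "$FIXED_RULES" 192.0.2.20 22
```

On a live host the first two arguments would come from `cat /proc/sys/net/ipv4/ip_forward` and `iptables-save`.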