LinuxQuestions.org
Old 10-25-2004, 04:13 AM   #1
dannyk1
Member
 
Registered: Aug 2004
Location: Geelong, Vic Australia
Distribution: Gentoo, Ubuntu,and sometimes something from billy gates (when Im desperate)
Posts: 188

Rep: Reputation: 31
using ssh


How do I modify iptables so I can ssh to a machine behind my firewall?

E.g. I have a machine connected to the net all the time, routing my other machines and giving them class C addresses.

What command would I use to access the other machines?

ssh -l user@address ????
 
Old 10-25-2004, 09:43 AM   #2
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
This will be done using what is called port forwarding. You assign a port that WAN users (from the Internet) try to connect to. That is, the users set up a connection to your router's public IP address and a given port. The router then forwards the request to a local IP number and the ssh port.

This is accomplished using the DNAT target in iptables:
Code:
iptables -t nat -I PREROUTING -d <WAN IP> --dports <port> -j DNAT --to <LAN IP>:22
The code above says: "Change destination of all arriving packets with destination WAN:port to LAN:22"
 
Old 10-26-2004, 05:42 AM   #3
dannyk1
Member
 
Registered: Aug 2004
Location: Geelong, Vic Australia
Distribution: Gentoo, Ubuntu,and sometimes something from billy gates (when Im desperate)
Posts: 188

Original Poster
Rep: Reputation: 31
This is the line I added


iptables -t nat -I PREROUTING -d eth0 --dports 22 -j DNAT --to 192.168.0.5:22


eth0 being external interface
192.168.0.5 being address of the destination machine

When I try to run it I get

Unknown arg '--dports'

Please help
 
Old 10-26-2004, 08:51 AM   #4
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
The -d option should be -o if you want to specify an interface rather than an IP address.
Change to this
Code:
iptables -t nat -I PREROUTING -o eth0 -p tcp --dport 22 -j DNAT --to 192.168.0.5:22
The --dports option requires that you add the option -m multiport, but the solution I chose above is more specific in its match.
 
Old 10-27-2004, 04:05 AM   #5
dannyk1
Member
 
Registered: Aug 2004
Location: Geelong, Vic Australia
Distribution: Gentoo, Ubuntu,and sometimes something from billy gates (when Im desperate)
Posts: 188

Original Poster
Rep: Reputation: 31
Thanks for the reply

I tried adding

iptables -t nat -I PREROUTING -o eth0 -p tcp --dport 22 -j DNAT --to 192.168.0.5:22

and now I get the error

iptables v1.2.8: Can't use -o with PREROUTING

Can anyone see what I am doing wrong ???
 
Old 10-27-2004, 08:20 AM   #6
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
Of course, didn't think of that.
Try to exchange that to -d <destination ip>

Explanation: Before iptables has decided the route to take (PREROUTING), it doesn't know which interface the packet should be sent out through, so it can't match that in a rule.
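
Added example, not part of the thread: a dry-run shell script that prints a complete rule set for the SSH port forward discussed above and rejects the two rule forms iptables refused in posts #3 and #5. The interface, external port, addresses, source range and both function names are assumptions; it matches the incoming interface with -i, which PREROUTING accepts, and limits who may connect with -s.

```shell
#!/bin/sh
# Constructed values: eth0 = WAN interface, 2222 = external port,
# 192.168.0.5 = LAN host, 203.0.113.0/24 = source range allowed to connect.

# check_rule ARGS...: catch the two mistakes iptables rejected in the thread.
check_rule() {
    rule=" $* "
    case "$rule" in *" PREROUTING "*)
        case "$rule" in *" -o "*)
            echo "PREROUTING runs before routing: match -i or -d, not -o"; return 1 ;;
        esac ;;
    esac
    case "$rule" in *" --dports "*)
        case "$rule" in *" -m multiport "*) ;; *)
            echo "--dports needs -m multiport; use -p tcp --dport for one port"; return 1 ;;
        esac ;;
    esac
    case "$rule" in *" --dport "*)
        case "$rule" in *" -p tcp "*|*" -p udp "*) ;; *)
            echo "--dport needs -p tcp or -p udp"; return 1 ;;
        esac ;;
    esac
    return 0
}

# ssh_forward_rules WAN_IF EXT_PORT LAN_IP [SRC_CIDR]: print rules, do not apply.
ssh_forward_rules() {
    wan_if=$1; ext_port=$2; lan_ip=$3; src=${4:-0.0.0.0/0}
    # 1. Rewrite the destination before the routing decision is made.
    nat="iptables -t nat -A PREROUTING -i $wan_if -s $src -p tcp --dport $ext_port -j DNAT --to-destination $lan_ip:22"
    # 2. Let the rewritten packet through; FORWARD sees the LAN address and port 22.
    new="iptables -A FORWARD -i $wan_if -s $src -d $lan_ip -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    # 3. Let replies and follow-up packets of accepted connections pass.
    est="iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for r in "$nat" "$new" "$est"; do
        check_rule "$r" >/dev/null || return 1
        echo "$r"
    done
}

# Dry run: review the output, then pipe it to "sh" as root to apply.
ssh_forward_rules eth0 2222 192.168.0.5 203.0.113.0/24
```

With these rules in place the LAN machine is reached from outside with `ssh -p 2222 user@<WAN IP>`, while port 22 on the firewall itself keeps going to the firewall's own sshd.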
 
  

