LinuxQuestions.org
03-23-2013, 01:25 AM   #1
project.linux.proj

Iptable rule for DNAT


Hi,

I am trying to redirect my SSH requests to a remote server using the IP rules below, but it is failing. Packets get dropped when I make an SSH request from the remote server. I have also set forwarding.
If it starts working, I will bind some other port to the destination machine.

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 22 -j DNAT --to-destination 192.168.83.130:22
/sbin/iptables -A FORWARD -p tcp -d 192.168.83.130 --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


[root@puppet ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@puppet ~]# cat /proc/sys/net/ipv4/conf/eth0/forwarding
1


Thanks,
 
03-23-2013, 02:03 AM   #2
project.linux.proj (Original Poster)

I ran tcpdump on the machine where the IP rules are written and got the logs below.

23:55:17.415157 IP (tos 0x0, ttl 64, id 15945, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.83.131.54511 > 192.168.83.128.ssh: S, cksum 0xc32c (correct), 805348168:805348168(0) win 5840 <mss 1460,sackOK,timestamp 6331649 0,nop,wscale 6>
23:55:17.415245 IP (tos 0x0, ttl 63, id 15945, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.83.131.54511 > 192.168.83.130.ssh: S, cksum 0xc32a (correct), 805348168:805348168(0) win 5840 <mss 1460,sackOK,timestamp 6331649 0,nop,wscale 6>
23:55:20.415711 IP (tos 0x0, ttl 64, id 15946, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.83.131.54511 > 192.168.83.128.ssh: S, cksum 0xb774 (correct), 805348168:805348168(0) win 5840 <mss 1460,sackOK,timestamp 6334649 0,nop,wscale 6>
23:55:20.415771 IP (tos 0x0, ttl 63, id 15946, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.83.131.54511 > 192.168.83.130.ssh: S, cksum 0xb772 (correct), 805348168:805348168(0) win 5840 <mss 1460,sackOK,timestamp 6334649 0,nop,wscale 6>
23:55:25.047849 IP (tos 0x0, ttl 128, id 19560, offset 0, flags [DF], proto: TCP (6), length: 92) 192.168.83.1.60557 > 192.168.83.128.ssh: P 0:52(52) ack 1 win 16373

6 packets captured
6 packets received by filter
0 packets dropped by kernel
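
An added example, not part of the original posts: a short Python script that reads the tcpdump lines above, pairs each incoming SYN with its forwarded copy (same source, port and IP id, TTL one lower, destination rewritten), and counts packets coming back from the rewritten destination. The function names are illustrative, and the sample input is the posted capture trimmed after the window field.

```python
import re
from collections import defaultdict

# Sample input: the capture from the post above, each line trimmed after "win".
CAPTURE = """\
23:55:17.415157 IP (tos 0x0, ttl 64, id 15945, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.83.131.54511 > 192.168.83.128.ssh: S, cksum 0xc32c (correct), 805348168:805348168(0) win 5840
23:55:17.415245 IP (tos 0x0, ttl 63, id 15945, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.83.131.54511 > 192.168.83.130.ssh: S, cksum 0xc32a (correct), 805348168:805348168(0) win 5840
23:55:20.415711 IP (tos 0x0, ttl 64, id 15946, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.83.131.54511 > 192.168.83.128.ssh: S, cksum 0xb774 (correct), 805348168:805348168(0) win 5840
23:55:20.415771 IP (tos 0x0, ttl 63, id 15946, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.83.131.54511 > 192.168.83.130.ssh: S, cksum 0xb772 (correct), 805348168:805348168(0) win 5840
23:55:25.047849 IP (tos 0x0, ttl 128, id 19560, offset 0, flags [DF], proto: TCP (6), length: 92) 192.168.83.1.60557 > 192.168.83.128.ssh: P 0:52(52) ack 1 win 16373
"""

# Matches the verbose (tcpdump -v) one-line format shown in the post.
PKT = re.compile(
    r"^(\S+) IP \(tos \S+ ttl (\d+), id (\d+),.*?\) "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\w+): (\w+)"
)

def parse(capture):
    """Return one dict per parsable packet line."""
    pkts = []
    for line in capture.splitlines():
        m = PKT.match(line)
        if m:
            ts, ttl, ip_id, src, sport, dst, dport, flags = m.groups()
            pkts.append({"ts": ts, "ttl": int(ttl), "id": int(ip_id), "src": src,
                         "sport": sport, "dst": dst, "dport": dport, "flags": flags})
    return pkts

def dnat_report(capture):
    """Pair pre-/post-DNAT copies of a packet and count traffic from the new destination."""
    pkts = parse(capture)
    by_key = defaultdict(list)
    for p in pkts:
        by_key[(p["src"], p["sport"], p["id"])].append(p)
    forwarded = []
    for (_, _, ip_id), group in by_key.items():
        # Same packet seen twice: destination rewritten and TTL decremented by one hop.
        if (len(group) == 2 and group[0]["dst"] != group[1]["dst"]
                and group[0]["ttl"] - group[1]["ttl"] == 1):
            forwarded.append((ip_id, group[0]["dst"], group[1]["dst"]))
    backends = {new_dst for _, _, new_dst in forwarded}
    replies = [p for p in pkts if p["src"] in backends]
    return {"forwarded": forwarded, "replies_seen": len(replies)}

if __name__ == "__main__":
    print(dnat_report(CAPTURE))
```

On this capture it reports both SYNs (IP ids 15945 and 15946) as rewritten from 192.168.83.128 to 192.168.83.130 and forwarded, and no packets from 192.168.83.130 among the captured lines.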
 
03-24-2013, 12:25 PM   #3
project.linux.proj (Original Poster)

Any help on this, please?

Thanks,
 
04-02-2013, 10:25 AM   #4
project.linux.proj (Original Poster)

Can anybody help on this, please?


Thanks,