LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-27-2005, 03:44 PM   #1
moejab
LQ Newbie
 
Registered: Jul 2005
Posts: 1

Rep: Reputation: 0
Question NAT- ssh Firewall Issue


First of all, I am a newbie to Linux. I am using a Linux box as a firewall. I have the following set up:

Linux box 2 nic's: NIC #1 has 2 Public addresses (Used for NAT), NIC #2 Private going into a fastHub.

Windows box behind firewal with only a public address.

Linux is providing NAT on NIC#1.1 for the private address on Win box

Problem: Based on my firewall configurations I am allowing ssh to NIC# 1 from a specific LAN PC, but it will not allow me to ssh through Linux firewall to Window PC.

NATing is working.

My forward config is as follows:

IPTABLES -A FORWARD -p tcp -s public/32 -d private/32 --dport 22 -j ACCEPT

Please advice.

Thx
Moe
 
Old 07-27-2005, 03:47 PM   #2
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 125Reputation: 125
You would need to portforward to ssh in to boxes behind the firewall (I assume this is what you want).
 
Old 07-27-2005, 05:20 PM   #3
lynrees
LQ Newbie
 
Registered: Jan 2003
Location: Cymru Wales)
Distribution: Debian (Sarge & Sid)
Posts: 21

Rep: Reputation: 15
Have you really got an ssh server running on your windows box?

I've had them running but found them flaky!

Anyway, you need port forwarding aka inbound NAT.

You need to specify that inbound traffic to say port 222 at the firewall is forwarded to port 22 of your internal computer's IP address.

Not sure what the iptables voodoo looks like off the top of my head, however you know what to google for now.
 
Old 07-27-2005, 05:25 PM   #4
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 125Reputation: 125
Port forwarding with iptables is more or less just:
Code:
EXT_IF=eth1 #external interface
INTERNAL_BOX=192.168.0.5 #box running sshd
/sbin/iptables -A FORWARD -i $EXT_IF -p tcp --dport 22 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 222 -j DNAT --to $INTERNAL_BOX:22
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH port forwarding thru a NAT Firewall whoever Linux - Networking 3 07-29-2005 04:24 AM
Help with ssh (possible firewall issue) HeadNoodle Linux - Newbie 3 02-15-2005 11:05 AM
Firewall/NAT issues with X-Server w/ SSH forwarding JMCraig Linux - Security 1 01-25-2005 01:51 AM
firewall behind a nat wrat Linux - Security 3 06-15-2004 12:28 PM
firewall and nat nakkaya Linux - Networking 3 02-25-2004 09:58 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration