Old 07-27-2005, 02:44 PM   #1
LQ Newbie
Registered: Jul 2005
Posts: 1

Rep: Reputation: 0
NAT- ssh Firewall Issue

First of all, I am a newbie to Linux. I am using a Linux box as a firewall. I have the following set up:

Linux box, 2 NICs: NIC #1 has 2 public addresses (used for NAT), NIC #2 is private, going into a fastHub.

Windows box behind firewall with only a public address.

Linux is providing NAT on NIC #1.1 for the private address on the Win box.

Problem: Based on my firewall configuration I am allowing ssh to NIC #1 from a specific LAN PC, but it will not allow me to ssh through the Linux firewall to the Windows PC.

NATing is working.

My forward config is as follows:

IPTABLES -A FORWARD -p tcp -s public/32 -d private/32 --dport 22 -j ACCEPT

Please advise.

Old 07-27-2005, 02:47 PM   #2
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 124
You would need to portforward to ssh in to boxes behind the firewall (I assume this is what you want).
Old 07-27-2005, 04:20 PM   #3
LQ Newbie
Registered: Jan 2003
Location: Cymru (Wales)
Distribution: Debian (Sarge & Sid)
Posts: 21

Rep: Reputation: 15
Have you really got an ssh server running on your windows box?

I've had them running but found them flaky!

Anyway, you need port forwarding aka inbound NAT.

You need to specify that inbound traffic to say port 222 at the firewall is forwarded to port 22 of your internal computer's IP address.

Not sure what the iptables voodoo looks like off the top of my head, however you know what to google for now.
Old 07-27-2005, 04:25 PM   #4
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 124
Port forwarding with iptables is more or less just:
EXT_IF=eth1 #external interface
INTERNAL_BOX= #box running sshd
/sbin/iptables -A FORWARD -i $EXT_IF -p tcp --dport 22 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 222 -j DNAT --to $INTERNAL_BOX:22
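
A tighter variant of the port forward discussed in posts #3 and #4, added here as an example and not written by anyone in the thread: it limits both the DNAT and the FORWARD rule to the one allowed source the original poster mentioned, and prints the iptables commands for review instead of applying them. The function names and the sample addresses (203.0.113.10, 192.168.1.20) are constructed; eth1 and port 222 are taken from the posts above.

```shell
#!/bin/sh
# Print (not apply) iptables rules that forward SSH through a NAT firewall
# to one internal host, restricted to one allowed source address.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 if $1 is a TCP port number in 1..65535.
is_port() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: emit_ssh_dnat_rules EXT_IF ALLOWED_SRC INTERNAL_IP [EXT_PORT]
emit_ssh_dnat_rules() {
    ext_if=$1 src=$2 internal=$3 ext_port=${4:-222}
    case "$ext_if" in
        ""|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    is_ipv4 "$src"      || { echo "bad source: $src" >&2; return 1; }
    is_ipv4 "$internal" || { echo "bad internal host: $internal" >&2; return 1; }
    is_port "$ext_port" || { echo "bad port: $ext_port" >&2; return 1; }
    # PREROUTING runs before routing: rewrite firewall:EXT_PORT to internal:22.
    echo "iptables -t nat -A PREROUTING -i $ext_if -p tcp -s $src --dport $ext_port -j DNAT --to-destination $internal:22"
    # FORWARD sees the packet after DNAT, so match the private IP and port 22.
    echo "iptables -A FORWARD -i $ext_if -p tcp -s $src -d $internal --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    # Replies and later packets of connections that were already accepted.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample values (documentation and private address ranges).
emit_ssh_dnat_rules eth1 203.0.113.10 192.168.1.20 222
```

The FORWARD rule matches the private address and port 22 because the destination has already been rewritten by the time the packet reaches that chain.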

