Hello.
I have a firewall with three physical network interfaces running on Debian Linux. The addressing looks as follows:
eth0 - wan - 192.168.168.2
eth1 - lan1 - 10.1.1.1
eth2 - lan2 - 10.2.1.1
I have a few servers in the lan1 network from which I want some ports forwarded to the wan network. For example: I want port 22 (ssh) on address 10.1.1.11 forwarded to address 192.168.168.2 and port 6990 so that users in the 192.168.168.0/24 network can connect to the ssh server listening on 10.1.1.11:22. I have the following rules in my iptables script:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 6990 -j DNAT --to-destination 10.1.1.11:22
However, when I try to connect with an ssh client from the firewall, I receive the following error:
Code:
root@fw:~$ ssh -p 6990 root@192.168.168.2
ssh: connect to host 192.168.168.2 port 6990: Connection refused
root@fw:~$
I think that I'm doing something wrong here and my rules are not correct.
Can anybody please help me with that?
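
An added example, not part of the original post: a simplified Python model of which nat chain sees a connection's first packet, applied to the DNAT rule posted above. Locally generated packets enter the nat table at OUTPUT rather than PREROUTING and have no input interface, so a test run on the firewall itself never matches a `PREROUTING -i eth0` rule; the sample packets and the `OUTPUT` rule are constructed for illustration.

```python
import shlex

# DNAT rule exactly as posted.
POSTED = ("iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 6990 "
          "-j DNAT --to-destination 10.1.1.11:22")
# Constructed for illustration: same redirect for firewall-originated traffic.
LOCAL_TEST = ("iptables -t nat -A OUTPUT -p tcp -d 192.168.168.2 --dport 6990 "
              "-j DNAT --to-destination 10.1.1.11:22")
FW_ADDRS = {"192.168.168.2", "10.1.1.1", "10.2.1.1"}  # eth0, eth1, eth2

def parse_rule(line):
    """Parse the flag/value subset of iptables syntax used above."""
    tok = shlex.split(line)[1:]               # drop the 'iptables' word
    o = dict(zip(tok[0::2], tok[1::2]))
    return {"table": o.get("-t", "filter"), "chain": o["-A"], "proto": o.get("-p"),
            "in_if": o.get("-i"), "dst": o.get("-d"), "dport": int(o["--dport"]),
            "target": o["-j"], "to": o.get("--to-destination")}

def apply_dnat(pkt, rules):
    """Return (dst, dport) of a connection's first packet after nat DNAT."""
    # Received packets hit nat PREROUTING; locally generated ones hit nat
    # OUTPUT instead and carry no input interface (in_if is None).
    chain = "OUTPUT" if pkt["in_if"] is None else "PREROUTING"
    for r in map(parse_rule, rules):
        if (r["table"] == "nat" and r["chain"] == chain and r["target"] == "DNAT"
                and r["proto"] in (None, pkt["proto"])
                and r["in_if"] in (None, pkt["in_if"])
                and r["dst"] in (None, pkt["dst"])
                and r["dport"] == pkt["dport"]):
            host, port = r["to"].rsplit(":", 1)
            return host, int(port)
    return pkt["dst"], pkt["dport"]

def outcome(pkt, rules):
    dst, dport = apply_dnat(pkt, rules)
    if dst in FW_ADDRS:   # stays on the firewall: needs a local listener
        return f"local delivery to {dst}:{dport}"
    # Leaves the firewall; received packets must also pass filter FORWARD.
    return f"routed to {dst}:{dport}"

# Constructed packets: the test from the post, and a client on the WAN side.
from_fw = {"in_if": None, "proto": "tcp", "dst": "192.168.168.2", "dport": 6990}
from_wan = {"in_if": "eth0", "proto": "tcp", "dst": "192.168.168.2", "dport": 6990}

if __name__ == "__main__":
    print("fw, posted rule:  ", outcome(from_fw, [POSTED]))
    print("wan, posted rule: ", outcome(from_wan, [POSTED]))
    print("fw, + OUTPUT rule:", outcome(from_fw, [POSTED, LOCAL_TEST]))
```

In this model the posted rule rewrites the connection only when it arrives on eth0, so the redirect has to be checked from a host in 192.168.168.0/24 rather than from the firewall.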