Hello all,
I've got a problem I'd like to solve, but have no idea whether it's
possible with shorewall or netfilter/iptables at all.
The situation is as follows: we have a server/router with external
interface eth0 and IP 131.211.39.72 and internal interface eth1 and IP
192.168.1.1 and that masquerades subnet 192.168.1.0/24 through eth0.
We DNAT ssh connections from outside to an internal host 192.168.1.4.
However we'd also like internal ssh connections to the
server _on IP 131.211.39.72_ to be redirected to 192.168.1.4. Ssh
connections to the server on its internal IP 192.168.1.1 should not
be redirected.
Is this possible and if so how?
I've first of all set the routeback option on the internal subnets (in
the 'hosts' file: eth1 connects to the 'local' (loc) subnet
192.168.1.0/24, but we also have a 'local trusted' (ltr) subnet
192.168.1.0/25).
First thing I tried, was to add a DNAT rule:
DNAT ltr ltr:192.168.1.4:22 tcp ssh - 131.211.39.72
but this doesn't work (I suppose because the source IP doesn't get
rewritten).
Next I tried a masquerading/SNAT rule:
eth1:131.211.39.72/32 eth1 192.168.1.1 tcp ssh
which doesn't work either and last, I tried both also to no avail.
Any help would be appreciated.
Jaap
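
The hairpin case described in the message above, modelled as an added example that is not part of the original post: it walks one ssh connection through netfilter's NAT order (DNAT in PREROUTING, SNAT in POSTROUTING) to show which address the client sees the reply come from. The client address 192.168.1.50, the rule encoding and the function names are constructed for illustration, and the second case assumes a source-NAT rule that matches on the original destination 131.211.39.72.

```python
# Toy model of netfilter NAT ordering for a LAN -> public IP -> LAN connection.
# Addresses are from the post; CLIENT and the dict-based rules are constructed.
from dataclasses import dataclass, replace

PUBLIC, ROUTER_LAN, SSH_HOST = "131.211.39.72", "192.168.1.1", "192.168.1.4"
CLIENT = "192.168.1.50"  # constructed LAN client

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def prerouting(pkt, dnat):
    """DNAT runs first: rewrite dst when (dst, dport) matches a rule."""
    new_dst = dnat.get((pkt.dst, pkt.dport))
    return replace(pkt, dst=new_dst) if new_dst else pkt

def postrouting(pkt, snat):
    """SNAT runs last, so it matches on the already rewritten destination."""
    new_src = snat.get((pkt.dst, pkt.dport))
    return replace(pkt, src=new_src) if new_src else pkt

def connect(client, dst, dnat, snat):
    """Return (packet as the answering host sees it, reply source the client sees)."""
    pkt = prerouting(Packet(client, dst, 22), dnat)
    if pkt.dst in (PUBLIC, ROUTER_LAN):   # local delivery: the router's own sshd answers
        return pkt, pkt.dst
    pkt = postrouting(pkt, snat)
    if pkt.src == ROUTER_LAN:             # reply returns via the router, which undoes both NATs
        return pkt, dst
    return pkt, pkt.dst                   # server answers the client directly on the LAN

DNAT = {(PUBLIC, 22): SSH_HOST}
CASES = {
    "DNAT only": {},
    "SNAT matching original dst": {(PUBLIC, 22): ROUTER_LAN},
    "SNAT matching post-DNAT dst": {(SSH_HOST, 22): ROUTER_LAN},
}

if __name__ == "__main__":
    for name, snat in CASES.items():
        seen, reply_src = connect(CLIENT, PUBLIC, DNAT, snat)
        ok = reply_src == PUBLIC          # client only accepts replies from the IP it dialled
        print(f"{name:28} server sees src={seen.src:12} client sees reply from {reply_src:14} ok={ok}")
```

The connection only completes when the reply reaches the client from the address it dialled, which in this model requires the source rewrite to match the post-DNAT destination 192.168.1.4.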