Márcio H. Parreiras wrote:
Try the rules below, simple and clean:

EXT_IF='eth1' # the interface connected to the Internet
SERVER='192.168.0.1' # or any other IP allocated to the machine
SSH='22'
SSH_SERVER='12345' # or another port you want

$IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $SSH_SERVER -j DNAT --to $SERVER:$SSH
$IPTABLES -t filter -A FORWARD -i $EXT_IF -p tcp --dport $SSH -d $SERVER -j ACCEPT

note: server's sshd may listen on port 22 only.

Hi,

I think your rules correspond to mine:

iptables -A FORWARD -i $EXTERNAL_INTERFACE -o $INTERNAL_INTERFACE -p tcp --sport $UNPRIVPORTS -d $SERVER --dport 22 -m state --state NEW -j ACCEPT
iptables -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -p tcp -d $SERVER --dport 12345 -j DNAT --to-destination $SERVER:22

The problem is that it opens the ports 22 and 12345 to the server.

Regards.

-- 
==============================================
|              FRÉDÉRIC MASSOT               |
|     http://www.juliana-multimedia.com      |
|   mailto:frederic@juliana-multimedia.com   |
===========================Debian=GNU/Linux===
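
An added example, not part of the thread: one way to keep the DNAT on port 12345 while accepting in FORWARD only connections that actually arrived on that port, using the conntrack match (`--ctstate DNAT --ctorigdstport`). A packet sent straight to port 22 never passes the DNAT rule, so it does not match. The interface names, the server address and the `APPLY` switch are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: interface names, the
# server address, and that ESTABLISHED,RELATED traffic is accepted elsewhere.
EXT_IF="${EXT_IF:-eth1}"            # interface facing the Internet
INT_IF="${INT_IF:-eth0}"            # interface facing the server (assumed)
SERVER="${SERVER:-192.168.0.1}"     # internal SSH server
PUBLIC_PORT="${PUBLIC_PORT:-12345}" # port exposed on the outside
SSH_PORT="${SSH_PORT:-22}"          # port sshd listens on
IPTABLES="${IPTABLES:-iptables}"

# Emit the two rules, one command per line, so they can be reviewed first.
ssh_forward_rules() {
    # 1. Rewrite PUBLIC_PORT on the external interface to SERVER:SSH_PORT.
    echo "$IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tcp" \
         "--dport $PUBLIC_PORT -j DNAT --to-destination $SERVER:$SSH_PORT"
    # 2. Forward to SERVER:SSH_PORT only when conntrack recorded a DNAT and
    #    the original (pre-NAT) destination port was PUBLIC_PORT.
    echo "$IPTABLES -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $SERVER" \
         "--dport $SSH_PORT -m conntrack --ctstate DNAT" \
         "--ctorigdstport $PUBLIC_PORT -j ACCEPT"
}

# Print by default; set APPLY=1 (as root) to load the rules.
if [ "${APPLY:-0}" = 1 ]; then
    ssh_forward_rules | sh -e
else
    ssh_forward_rules
fi
```

Port 22 stays closed from outside only if nothing else in FORWARD accepts it, for example with a DROP policy on the chain.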