No subject


Sun Apr 7 09:35:27 BST 2019


ssh MAIN -p 33333

to actually ssh SECOND.

To do the above, your dnat statement should be given to FireHOL at MAIN,
and also have a router definition (at MAIN again) that allows ssh from the
client to SECOND (not from MAIN to SECOND). The fact that you can ssh from
MAIN to SECOND is irrelevant (even if you actually ssh to the public IP of
MAIN, because Linux knows that you are talking about itself and never
routes this traffic through the FORWARD chain of iptables).

Costa



> Hello, Costa!
> 03 November 2004 at 21:21 You wrote:
>
> Yes firewall allow to SECOND server via ssh. I come in to MAIN server
> ssh 81.18... then can come in to SECOND ssh 192.168.0.111.
>
>> Hi Grigory,
>>
>> dnat is one thing, packet filtering is another. Does the firewall
>> (i.e. a route or server statement in a router definition) allow the
>> ssh service to 192.168.0.111?
>>
>> Costa
>>
>>
>> > Hello!
>> >
>> > Can you help me with DNAT and port redirection?
>> > I have two servers MAIN and SECOND. MAIN real IP 81.18... and
>> > interface eth1 and I can enter ssh 81.18... But to the SECOND server
>> > have lan IP 192.168.0.111 and I want to enter on it through not
>> > standard port
>> >
>> > dnat to 192.168.0.111:22 inface eth1 dst ${MAIN_IP} proto tcp dport
>> > 33333
>> >
>> > but I can not enter ssh 81.18... -p 33333. Why?
>> >
>
>
> --
> All the best!
> greg at anastasia.ru Grigory.
>
>
>
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/firehol-support
>
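
A firehol.conf fragment for MAIN that pairs the dnat statement from the thread with the router definition Costa describes. It is an added example, not a configuration posted by anyone in the thread. The address 203.0.113.10 is a placeholder for MAIN's public IP (elided in the thread), and eth0 as MAIN's LAN-facing interface plus the names internet, lan and internet2lan are assumptions.

```conf
# firehol.conf fragment on MAIN (added example; see assumptions above)

# Placeholder for MAIN's public address; the thread only shows "81.18...".
MAIN_IP="203.0.113.10"

# NAT step: rewrite tcp/33333 arriving on eth1 for MAIN_IP so that it is
# addressed to SECOND's sshd. This changes the destination only; it does
# not permit the packet.
dnat to 192.168.0.111:22 inface eth1 dst "${MAIN_IP}" proto tcp dport 33333

# Traffic addressed to MAIN itself (INPUT/OUTPUT chains).
# "server ssh accept" here covers ssh to MAIN on port 22 and has no effect
# on the redirected connection, which is no longer addressed to MAIN.
interface eth1 internet
    policy drop
    server ssh accept
    client all accept

# Assumed LAN side of MAIN. "client ssh accept" is what lets MAIN itself
# ssh to SECOND, which is why that test says nothing about forwarding.
interface eth0 lan
    policy drop
    client ssh accept

# Filtering step for forwarded traffic (FORWARD chain): packets entering
# on eth1 and leaving on eth0. After the dnat above the packet carries
# dst 192.168.0.111 and dport 22, so it is matched as the ssh service.
router internet2lan inface eth1 outface eth0
    route ssh accept dst 192.168.0.111
    # To limit exposure, restrict the source as well, for example:
    #   route ssh accept src "<trusted client addresses>" dst 192.168.0.111
```

Test the result from a client outside MAIN with `ssh MAIN -p 33333`; a connection started on MAIN itself never traverses the router definition.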
