Topic: LAN host exposing to internet: Forwarding internal IP to internet using iptables

Offline sunlinux

Hi, I have configured my ADSL modem in Linux as ppp0, and I am using NAT in Linux to connect the LAN to the internet. OK, fine.

Now I want a LAN server, 192.168.2.3:22 (ssh), to be exposed to the internet directly. Please guide me on how I can do it.

I am pasting my NAT configuration:
------------------
INTIF="eth0"
EXTIF="ppp0"
EXTIP="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"

echo "Loading required stateful/NAT kernel modules..."

/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc

echo " Enabling Kernel IP forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

echo " Flushing ip router through: $EXTIF"
echo " External interface IP address is: $EXTIP"

echo " Loading Kernel server rules..."

# Clearing any existing rules and setting default policy
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F INPUT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -F OUTPUT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F FORWARD
/sbin/iptables -t nat -F
# Only replies to already-tracked connections may come back in from the internet to the LAN
/sbin/iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Everything else that would be forwarded is dropped
/sbin/iptables -A FORWARD -j DROP
# Hide the LAN behind the dynamic ppp0 address
/sbin/iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

Someone told me to do the following:

PORTFWIP=192.168.2.3   # the LAN ssh host from the question; this variable was not set in the rules as posted

# Rewrite the destination of incoming port 22 packets to the LAN host (the nat table only sees NEW connections)
/sbin/iptables -A PREROUTING -t nat -p tcp -d $EXTIP --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to $PORTFWIP:22
# Allow the rewritten packets through the FORWARD chain
/sbin/iptables -A FORWARD -p TCP -s 0/0 --dport 22 -j ACCEPT


I did the above, and when I nmap the Linux NAT gateway I get:

PORT STATE SERVICE
22/tcp filtered ssh
23/tcp filtered telnet
29/tcp filtered msg-icp
67/tcp filtered dhcps
80/tcp open http
« Last Edit: December 14, 2007, 07:00:54 PM by Ricky »

Offline Ricky

Well... you mean you want all ssh requests, i.e. on port 22, to be directed to the internal 192.168.2.3 server?

Offline sunlinux

absolutely...

Offline sunlinux

Thank you! I have solved my DMZ problem.

Offline Ricky

I would like to see how you solved it!

Offline sunlinux

I just added the following lines to my script file:

PORT=922
DMZ_IP=192.168.123.4
DMZ_IF=eth0

# Rewrite the destination of connections arriving on ppp0 for $PORT to the DMZ host
/sbin/iptables -A PREROUTING -t nat -p tcp --dport $PORT -i ppp0 -j DNAT --to $DMZ_IP:$PORT
# Let the rewritten packets be forwarded from the internet to the DMZ host
/sbin/iptables -A FORWARD -p tcp -d $DMZ_IP --dport $PORT -i ppp0 -o $DMZ_IF -j ACCEPT
# Let the replies from the DMZ host go back out to the internet
/sbin/iptables -A FORWARD -p tcp -s $DMZ_IP --sport $PORT -i $DMZ_IF -o ppp0 -j ACCEPT

and it worked...
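Added example, not code from the thread or from either poster: the same DNAT plus FORWARD rules as a parameterised shell function, with input validation and two defender-side changes the posted rules lack. The FORWARD accept is tied to connections conntrack actually DNATed (`-m conntrack --ctstate DNAT`), so it cannot be reused to reach other LAN hosts, and an optional source CIDR limits who may hit the forwarded port. Return traffic is allowed through ESTABLISHED,RELATED, so no `--sport` rule is needed. The interface names ppp0/eth0 and the address 192.168.2.3 are taken from the question; the 203.0.113.0/24 client network in the usage note is a constructed documentation-range value. IPTABLES defaults to `echo`, so the block is a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread): parameterised port forwarding through
# a Linux NAT gateway. Defaults to a dry run; set IPTABLES=/sbin/iptables
# and run as root to apply the rules for real.
IPTABLES="${IPTABLES:-echo /sbin/iptables}"

# is_ipv4 ADDR: succeed only for four dotted decimal octets in 0-255
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# is_port N: succeed only for an integer TCP port in 1-65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# port_forward EXT_IF INT_IF DMZ_IP EXT_PORT INT_PORT [ALLOWED_SRC]
# Forwards TCP EXT_PORT on the gateway's external interface to DMZ_IP:INT_PORT.
# ALLOWED_SRC (CIDR) limits which clients may reach the port; it defaults to
# 0.0.0.0/0, i.e. the whole internet, which is what the thread's rules do.
port_forward() {
    ext_if=$1; int_if=$2; dmz_ip=$3; ext_port=$4; int_port=$5
    src=${6:-0.0.0.0/0}
    is_ipv4 "$dmz_ip" || { echo "port_forward: bad DMZ address '$dmz_ip'" >&2; return 1; }
    { is_port "$ext_port" && is_port "$int_port"; } || { echo "port_forward: bad port" >&2; return 1; }

    # 1. Rewrite the destination of packets arriving on the WAN side for EXT_PORT.
    $IPTABLES -t nat -A PREROUTING -i "$ext_if" -p tcp -s "$src" --dport "$ext_port" \
        -j DNAT --to-destination "$dmz_ip:$int_port"
    # 2. Accept forwarded packets only when conntrack actually DNATed them to
    #    this host and port, so the FORWARD rule cannot expose other LAN hosts.
    $IPTABLES -A FORWARD -i "$ext_if" -o "$int_if" -p tcp -d "$dmz_ip" --dport "$int_port" \
        -m conntrack --ctstate DNAT -j ACCEPT
    # 3. Let replies belonging to those connections back out; with connection
    #    tracking no --sport rule is needed.
    $IPTABLES -A FORWARD -i "$int_if" -o "$ext_if" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Dry-run demonstration with the thread's addresses (prints three iptables commands).
port_forward ppp0 eth0 192.168.2.3 22 22
```

To restrict the forwarded port to one client network, pass it as the sixth argument, e.g. `port_forward ppp0 eth0 192.168.2.3 22 22 203.0.113.0/24`. After applying for real, `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` show the packet counters climbing when a connection comes in, which is the quickest way to tell a DNAT that never matched (the "filtered" result in the question) from a FORWARD rule that drops the rewritten packets. Keep `-P FORWARD DROP` as the default policy so only these explicitly accepted flows cross the gateway.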