Linux Forums - Linux Help,Advice & support community:LinuxSolved.com

Network Troubleshooting => General Networking Support in Linux => Topic started by: sunlinux on December 14, 2007, 09:47:51 AM

Title: lan Host exposing to internet:Forwarding internal IP to internet using iptables
Post by: sunlinux on December 14, 2007, 09:47:51 AM
Hi, I have configured my ADSL modem in Linux as ppp0, and I am using NAT in Linux to connect the LAN to the internet. OK, fine.

Now I want to expose a LAN server, 192.168.2.3:22 (ssh), directly to the internet. Please guide me on how I can do it.

I am pasting my NAT configuration:
------------------
INTIF="eth0"
EXTIF="ppp0"
EXTIP="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"

echo "Loading required stateful/NAT kernel modules..."

/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc

echo " Enabling Kernel IP forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

echo " Flushing ip router through: $EXTIF"
echo " External interface IP address is: $EXTIP"

echo " Loading Kernel server rules..."

# Clearing any existing rules and setting default policy
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F INPUT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -F OUTPUT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F FORWARD
/sbin/iptables -t nat -F
/sbin/iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -j DROP
/sbin/iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

Someone told me to do the following:

/sbin/iptables -A PREROUTING -t nat -p tcp -d $EXTIP --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to $PORTFWIP:22
/sbin/iptables -A FORWARD -p TCP -s 0/0 --dport 22 -j ACCEPT


I did the above, and when I nmap the Linux NAT (gateway) I get:

PORT STATE SERVICE
22/tcp filtered ssh
23/tcp filtered telnet
29/tcp filtered msg-icp
67/tcp filtered dhcps
80/tcp open http
Title: Re: lan Host exposing to internet:Forwarding internal IP to internet using iptables
Post by: Ricky on December 14, 2007, 07:02:49 PM
Well... you mean you want all ssh requests, i.e. on port 22, to be directed to the internal 192.168.2.3 server?
Title: Re: lan Host exposing to internet:Forwarding internal IP to internet using iptables
Post by: sunlinux on December 15, 2007, 04:24:36 AM
Absolutely...
Title: Re: lan Host exposing to internet:Forwarding internal IP to internet using iptables
Post by: sunlinux on December 15, 2007, 11:02:50 AM
Thank you! I have solved my DMZ problem.
Title: Re: lan Host exposing to internet:Forwarding internal IP to internet using iptables
Post by: Ricky on December 18, 2007, 06:52:59 AM
I would like to see how you solved it!
Title: Re: lan Host exposing to internet:Forwarding internal IP to internet using iptables
Post by: sunlinux on December 19, 2007, 04:36:38 AM
I just added the following lines to my script file:

PORT=922
DMZ_IP=192.168.123.4
DMZ_IF=eth0

/sbin/iptables -A PREROUTING -t nat -p tcp --dport $PORT -i ppp0 -j DNAT --to $DMZ_IP:$PORT
/sbin/iptables -A FORWARD -p tcp -d $DMZ_IP --dport $PORT -i ppp0 -o $DMZ_IF -j ACCEPT
/sbin/iptables -A FORWARD -p tcp -s $DMZ_IP --sport $PORT -i $DMZ_IF -o ppp0 -j ACCEPT

And it worked...
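
An added example, not part of any post in this thread: iptables walks a chain top to bottom and stops at the first terminating match, so a rule appended with -A after the first script's catch-all `-A FORWARD -j DROP` can never match, which would leave a forwarded port showing as filtered. The helper below flags such unreachable rules; the function names are hypothetical and the sample listings are constructed in `iptables -S` format from the rules quoted above.

```shell
#!/bin/sh
# Added example: flag FORWARD rules that can never match because an earlier
# unconditional rule in the same chain already terminates every packet.

# Constructed sample in `iptables -S FORWARD` format: the thread's NAT script
# followed by the suggested port-22 ACCEPT appended with -A.
sample_forward_chain() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Constructed sample: same rules with the ACCEPT ahead of the catch-all DROP.
sample_reordered_chain() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j DROP
EOF
}

# Reads rules on stdin and prints every rule that follows an unconditional
# "-A CHAIN -j DROP|REJECT|ACCEPT" in the same chain (hypothetical helper).
shadowed_rules() {
    awk '
        $1 == "-A" {
            # A catch-all was already seen in this chain: rule is unreachable.
            if ($2 in cut) { print; next }
            # Exactly "-A CHAIN -j TARGET" with no match options is a catch-all.
            if (NF == 4 && $3 == "-j" && $4 ~ /^(DROP|REJECT|ACCEPT)$/)
                cut[$2] = 1
        }
    '
}

echo "Unreachable rules in the constructed chain:"
sample_forward_chain | shadowed_rules
```

On a live gateway the same check can be run as root with `iptables -S FORWARD | shadowed_rules`.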