On Fri, Mar 21, 2008 at 7:28 PM, Fr=E9d=E9ric Massot
<frederic@[EMAIL PROTECTED]
> wrote:
> The server that I want access through SSH is different from the
> firewall, the server is in the DMZ and has one network interface
(chains
> INPUT or OUTPUT), the firewall with two network interfaces (chain
> FORWARD). The INPUT chain on the firewall is not involved in the
decisio=
n.
Hi, I didn't realize you want to access another server within the DMZ.
Okay, so now all traffic into DMZ servers must go through the firewall
right (meaning no direct access to the publicly accessible servers)?
I'm assuming that you are doing same-address NAT for the public IP. If
so, then you can do a ****t address translation:
iptables -t nat -A PREROUTING -p tcp -d <ext-public-ip> --d****t 12345
-j DNAT --to-destination <ext-public-ip>:22
If your default routing is set up correctly, any attempt to access
****t 22 directly from outside the firewall will be dropped/rejected.
While I attempt to have the command as correct as possible, I did not
test the above command so keep a backup of the original firewall
setting.
Chris
|
