Hi folks, I would like to connect via ssh to my host machine inside a LAN using iptables. In other words, for opening two terminals from my job (one for the server and the other one for the machine on the host), I would like to connect to the machine inside through a simple redirection. The closest solution I found was that using PAT. But first, I'm not sure if it's the best choice; second, I'm in doubt about the syntax I'm using for iptables:

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-port ?

That was the first idea. But I think that I would lose the connection with -- let me call it -- hostB (inside, not public IP). So I thought to give a higher port and make hostA (server, connected to the public internet and NATing my home network) redirect this port number to hostB. That would be:

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2200 -j REDIRECT --to-port ?

The question marks (?) mean that I'm not sure if I could use, in my case, "--to-port hostB.hostA.homelinux.net" for instance. I don't think so because it's a PAT... so it should be based on port numbers and not names.

Basically, the idea is to open a remote connection to hostA using port 22 and, simultaneously, open a second connection directly to hostB (bypassing hostA) using port 2200. So I have:

JOB ------> INTERNET ------> hostA (if port 22) ------> hostB
                               |
                               OR
                               |
                             if (port = 2200) REDIRECT to hostB
---------------------------------------------------------------
SERVER                        HOST
eth0: public                  eth0: private
eth1: private

Further, hostB is part of hostA's domain.

Please, if someone has some doubt about this crazy idea, let me know.

Thanks
Romulo Sousa
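An added example (not the poster's rules, and not an answer from the thread) showing the usual way to do what the post describes: the REDIRECT target only rewrites the destination to the local machine, so it can bring port 2200 to hostA's own sshd but never to hostB; sending the connection on to another host on the LAN is a DNAT, and the DNAT rule also needs a matching FORWARD rule and IP forwarding enabled (already the case on a box that is NATing the home network). The interface names eth0 (public) and eth1 (LAN) follow the post's diagram; the address 192.168.1.20 for hostB and the script name are constructed assumptions. Without --apply the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not the poster's configuration: forward TCP 2200 arriving on
# hostA's public interface to port 22 on hostB, leaving hostA's sshd on 22.
# Assumptions (constructed): hostA public interface eth0, LAN interface eth1,
# hostB private address 192.168.1.20. Override via environment if different.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
HOSTB_IP="${HOSTB_IP:-192.168.1.20}"
PUBLIC_PORT="${PUBLIC_PORT:-2200}"

# REDIRECT changes the destination to hostA itself; DNAT changes both the
# destination address and port, which is what reaching hostB requires.
# --to-destination takes an IP address (with optional port), not a hostname.
dnat_rule() {
    # $1 = port exposed on hostA, $2 = hostB address, $3 = port on hostB
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$WAN_IF" "$1" "$2" "$3"
}

# After DNAT the packet is routed, not delivered locally, so it must pass the
# FORWARD chain. Accept only this flow toward hostB and its replies; a default
# DROP policy on FORWARD keeps everything else on the LAN unreachable.
forward_rules() {
    # $1 = hostB address, $2 = port on hostB
    printf 'iptables -A FORWARD -i %s -o %s -p tcp -d %s --dport %s -m state --state NEW,ESTABLISHED -j ACCEPT\n' \
        "$WAN_IF" "$LAN_IF" "$1" "$2"
    printf 'iptables -A FORWARD -i %s -o %s -p tcp -s %s --sport %s -m state --state ESTABLISHED -j ACCEPT\n' \
        "$LAN_IF" "$WAN_IF" "$1" "$2"
}

# Every command the forward needs, in the order it should be applied.
# Forwarding is normally already on when hostA NATs the LAN; the sysctl is harmless.
plan() {
    echo 'sysctl -w net.ipv4.ip_forward=1'
    dnat_rule "$PUBLIC_PORT" "$HOSTB_IP" 22
    forward_rules "$HOSTB_IP" 22
}

# Apply only when asked explicitly (needs root on hostA); otherwise show the plan.
if [ "${1:-}" = "--apply" ]; then
    plan | while IFS= read -r cmd; do sh -c "$cmd"; done
else
    plan
fi
```

Run it as ./forward-ssh.sh to review the commands, then as root with --apply on hostA. From outside, ssh -p 2200 to hostA's public name or address then lands on hostB, while port 22 still reaches hostA itself. Conntrack handles the reverse translation of hostB's replies, so no extra SNAT rule is needed beyond the MASQUERADE hostA already uses for the LAN.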