Iptables - port forwarding
I reckon I've seen this subject a few times here but I'm still stuck
RH Enterprise Linux 3
I have the following setup
Internet ---> ExtHW Router --> DMZ LX Server --> IntHW Router --> Office LX Server
and I want to log in directly to my office server using ssh. I have tried to set up iptables to port forward from the DMZ Server to the gateway on the IntHW router but am not getting anywhere. I can ssh to the DMZ server from outside the site and from there I can ssh to the Office server no probs, so I don't think it is a port problem. When I try forwarding as follows:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j DNAT --to 192.168.xxx.xxr:22
iptables -A FORWARD -p tcp -m state --state NEW --dport 22 -i eth0 -j ACCEPT
with the above executed on the DMZ server and 192.168.xxx.xxr being the internal gateway, I just hang on trying to log into the external router.
This is my first try at forwarding so maybe I'm just not getting it. I don't really want to port forward from the external router to the internal one, as I can limit the source in the iptables entry on the DMZ to one valid external account.
This stuff drives me crazy
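
For reference, an added example (not part of the original post): a shell function that prints, without applying, the pieces a source-restricted SSH forward through the DMZ host generally needs. The addresses, the eth1 inside interface and the 2222 listening port are constructed placeholders; 192.168.50.1 merely stands in for the masked internal gateway address.

```shell
#!/bin/sh
# Added example: prints (does not apply) a source-restricted DNAT rule set.
# Usage: dnat_rules SRC EXT_IF INT_IF TARGET EXT_PORT DST_PORT
dnat_rules() {
    src=$1; ext_if=$2; int_if=$3; target=$4; ext_port=$5; dst_port=$6

    # Shape check only: accept a single dotted-quad host address (no CIDR
    # range, no hostname), so a typo cannot widen the rule to every source.
    for addr in "$src" "$target"; do
        echo "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
            echo "invalid address: $addr" >&2; return 1; }
    done
    for p in "$ext_port" "$dst_port"; do
        case $p in ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || {
            echo "invalid port: $p" >&2; return 1; }
    done

    # 1. The kernel must be allowed to route between interfaces.
    # 2. DNAT only for the one permitted source. A listening port other than
    #    22 leaves the DMZ host's own sshd reachable for that source.
    # 3. FORWARD sees the packet after DNAT, so it matches the new
    #    destination address and port.
    # 4. Replies are ESTABLISHED, not NEW, and need their own ACCEPT.
    # 5. Only needed when the target does not route replies back through
    #    this host; it hides the real client address from the target's logs.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $ext_if -s $src -p tcp --dport $ext_port -j DNAT --to-destination $target:$dst_port
iptables -A FORWARD -i $ext_if -o $int_if -s $src -d $target -p tcp --dport $dst_port -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $int_if -d $target -p tcp --dport $dst_port -j MASQUERADE
EOF
}

# Constructed sample values (documentation and placeholder addresses).
dnat_rules 203.0.113.10 eth0 eth1 192.168.50.1 2222 22
```

The output can be reviewed and then run as root on the DMZ host; `iptables -t nat -L -n -v` and `iptables -L FORWARD -n -v` show per-rule packet counters, which tell you which rule a hanging connection is or is not reaching.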