Marc Mueller wrote:
> Hi guys,
>
> I read tons of documentation, but I still have not found a fitting
> solution for my problem - perhaps anyone of you can help me.
>
> There are 3 servers (A,B,C), each running a ssh-daemon. None of them
> has a connection to the internet for security reasons - neither
> incoming nor outgoing.
>
> Only one server in the internet (X) is allowed to open a direct
> connection to the three servers.
>
>
>  Local   #  Internet  #  Local
>  A---\   #            #
>  B---->--#-----X------#---Me
>  C---/   #            #
>          #            #
>
> I'm aiming to set up IP forwarding on server X so that I can connect
> from my local PC to the server A, B or C.
> For example:
> Every time I'm opening an ssh connection to server X on
> port 60001 - server X forwards this request to server A port 22, and
> translates all addresses, so server A thinks the ssh session
> originates from server X. Server X retranslates all the responses from
> server A and sends them back to my PC.
>
> When I'm opening a ssh-connection on server X:60002 the same thing will
> happen for server B and so on.
>
>
> Is there any way to do that with iptables?
> The only thing I have found is portforwarding on the local machine,
> but I can not figure out how to forward connections to another machine.
>
> Thanks a lot,
> -Marc-
>
>
>
Did you try...
iptables -A PREROUTING -t nat -p tcp -d x.x.x.x --dport 60001 -j DNAT --to a.a.a.a:22
iptables -A PREROUTING -t nat -p tcp -d x.x.x.x --dport 60002 -j DNAT --to b.b.b.b:22
... and so on?
I am not sure, but your problem could be much more complex. Check the
incoming traffic of A, B and C. If the origin IP (not X) wants to connect
to your ssh servers, you probably also need SNAT on your X box.
Let us know.
Eric
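
The DNAT rules from the reply together with the SNAT it mentions, as an added example that is not part of the original thread: the script prints the commands for review instead of running them. The function names and all addresses (documentation ranges) are constructed, and the FORWARD rules and the ip_forward sysctl are additions that assume X filters forwarded traffic.

```shell
#!/bin/sh
# Added example: print (not execute) the NAT rules for box X.
# All addresses below are constructed documentation-range placeholders.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# gen_forward_rules X_ADDR PORT:BACKEND...
# Each mapping forwards X_ADDR:PORT to BACKEND:22.
gen_forward_rules() {
    x_addr=$1; shift
    valid_ipv4 "$x_addr" || { echo "bad address for X: $x_addr" >&2; return 1; }
    # Validate every mapping before printing anything, so a typo
    # never yields a half-complete rule set.
    for map in "$@"; do
        port=${map%%:*}; backend=${map#*:}
        case $port in ''|*[!0-9]*) echo "bad port: $map" >&2; return 1;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $map" >&2; return 1; }
        valid_ipv4 "$backend" || { echo "bad backend: $map" >&2; return 1; }
    done
    # X must route packets between its interfaces.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Replies of connections that are already tracked may pass through X.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for map in "$@"; do
        port=${map%%:*}; backend=${map#*:}
        # DNAT: rewrite destination X:port to backend:22.
        echo "iptables -t nat -A PREROUTING -p tcp -d $x_addr --dport $port -j DNAT --to-destination $backend:22"
        # Allow only new connections to the backend's ssh port.
        echo "iptables -A FORWARD -p tcp -d $backend --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
        # SNAT: the backend sees X as the source and replies to X.
        echo "iptables -t nat -A POSTROUTING -p tcp -d $backend --dport 22 -j SNAT --to-source $x_addr"
    done
}

# Constructed sample: X = 203.0.113.10, servers A, B, C = 192.0.2.11-13.
gen_forward_rules 203.0.113.10 \
    60001:192.0.2.11 60002:192.0.2.12 60003:192.0.2.13
```

With the SNAT rule in place, the sshd logs on A, B and C record X as the client address for every session; the real source address is only visible on X.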