This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Setting up DNAT/SNAT for external ssh - how?

I've been trying to setup so that an external box can ssh into a box (host1) on my internal network behind ASL 5.200. I've tried various combinations, but none work. ssh to the outside works fine.
Rule Type: DNAT/SNAT
Packets to match      Source address: ???   Destination Address: host1   service ssh
Change Source to: ????        Address: ???
Change Destination to:     Address       Service destination  ssh(22)

Help needed as I'm not sure what destination and source are referenced to.

This thread was automatically locked due to age.

Parents

0 BarryG over 20 years ago

Astaro's SSH uses port 22 by default, so you can't use "service SSH".

Also, the dest for the NAT rule must be your External IP.

Try setting up a new service like SSH2222 on port 2222, and then match:
Source ANY, Dest EXT IP, Service SSH2222
Don't change source
Change Dest to Host1, service ssh(22)

Then, create a packetfilter rule,
client IP, to host1, service ssh(22), allow

and then tell the client to connect to your ext IP on port 2222

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 20 years ago

Astaro's SSH uses port 22 by default, so you can't use "service SSH".

Also, the dest for the NAT rule must be your External IP.

Try setting up a new service like SSH2222 on port 2222, and then match:
Source ANY, Dest EXT IP, Service SSH2222
Don't change source
Change Dest to Host1, service ssh(22)

Then, create a packetfilter rule,
client IP, to host1, service ssh(22), allow

and then tell the client to connect to your ext IP on port 2222

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data