[rescue] how to use a NAT/PAT to forward SSH to an internal box

Greg A. Woods rescue at sunhelp.org
Fri Jan 4 21:45:12 CST 2002


[ On Friday, January 4, 2002 at 19:19:04 (-0500), George Adkins wrote: ]
> Subject: Re: [rescue] an idea...
>
> On Friday 04 January 2002 04:14 pm, you wrote:
> > Something similar could be accomplished by just forwarding various ports on
> > a NAT box to port 22 on the correct box.  That's what I do.
> 
> okay, so... how do I ssh to one of these boxes from the outside using only a 
> hostname?

If you want to SSH to the firewall, and also to some internal box at the
same time, using just a hostname, then you'll need two IP addresses on
the firewall's external interface.  (otherwise you can assign any unused
port on the firewall to be forwarded to port #22 on the internal box and
then just do "ssh -p external-port# firewall.hostname" to connect to the
internal box)

Either way with something like IP filter you just do:

	rdr ether0 1.2.3.4/32 port 22 -> 10.10.10.10 port 22 tcp

where 1.2.3.4 is the address on the external interface to be redirected,
"ether0" is the external interface's name, and 10.10.10.10 is the
internal host's IP address.

With just port translation the first "22" becomes the unused external
port# you assign to map to the internal host's sshd, e.g. like this:

	rdr ether0 0/0 port 2201 -> 10.10.10.10 port 22 tcp

You could also use bi-directional mapping, but that would translate all
traffic in both directions, not just SSH.

Finally assign the re-directed IP# to the hostname you want to use from
the outside in your DNS.

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods at acm.org>;  <g.a.woods at ieee.org>;  <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; VE3TCP; Secrets of the Weird <woods at weird.com>
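As an added illustration (not part of the original post or its author's configuration), here is how the two rdr rules above could sit in an ipnat.conf together with the matching ipf.conf pass rules; the interface name ether0 and the addresses 1.2.3.4 / 10.10.10.10 are the placeholders from the post, and FIREWALL_PRIMARY_IP is an assumed placeholder for the firewall's own external address. The point worth spelling out is that IP Filter applies rdr to inbound packets before the filter rules run, so the pass rule must match the translated internal destination rather than the external address or port.

```conf
# /etc/ipnat.conf  (constructed example; addresses taken from the post above)
# Dedicated second external address: 1.2.3.4:22 goes to the internal sshd
rdr ether0 1.2.3.4/32 port 22 -> 10.10.10.10 port 22 tcp
# Port translation only: an unused external port on any firewall address
rdr ether0 0/0 port 2201 -> 10.10.10.10 port 22 tcp

# /etc/ipf.conf  (constructed example)
# Default deny on the external interface; later "quick" rules win.
block in on ether0 all
# rdr has already rewritten the destination when filtering happens, so the
# rule matches 10.10.10.10 port 22, not 1.2.3.4 port 22 or port 2201.
pass in quick on ether0 proto tcp from any to 10.10.10.10 port = 22 flags S keep state
# The firewall's own sshd on its primary external address stays reachable
# (FIREWALL_PRIMARY_IP is a placeholder, not an address from the post).
pass in quick on ether0 proto tcp from any to FIREWALL_PRIMARY_IP port = 22 flags S keep state
```

After editing, reload with `ipnat -CF -f /etc/ipnat.conf` and `ipf -Fa -f /etc/ipf.conf`, then confirm with `ipnat -l` that the rdr entries are active before pointing DNS at 1.2.3.4.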