On Mon, Aug 02, 2004 at 01:05:54PM +0100, rich wrote:
> > Do you control firewall?
> > If yes : use DNAT to redirect external connection to SSH server
> > (if firewall is NAT box)
> > or open port 22 and forward connection to internal hosts
>
> There's a firewall I control (which allows port 22 so long as the SYN packet
> comes from inside), but that's behind a NAT router, so the only way to "find"
> my server on the internet is if IT initiates the connection.

Something like:

1. INPUT ACCEPT: port 22 even for external to internal connection.
2. PREROUTING DNAT: to reroute connection to internal box.
3. FORWARD ACCEPT: allow external port 22 connection to inside

Please try ipmasq package from unstable and read examples. It should
cleanly install even to woody :-)

Hmm... after security fix, I may need some fix for this 3rd item.

Osamu
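
The three steps listed in the reply, written out as an iptables-restore ruleset. This is an added example, not part of the original message and not taken from the ipmasq package. It assumes the firewall is itself the NAT box with the public address; the interface name, the internal address and the optional source restriction are constructed values.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that forwards inbound SSH
# to one internal host. All names and addresses here are assumptions.

emit_ssh_forward_rules() {
    ext_if=$1                # internet-facing interface (assumed: eth0)
    ssh_host=$2              # internal SSH server (assumed: 192.168.1.10)
    src=${3:-0.0.0.0/0}      # optional: limit who may connect (CIDR)

    # Reject values that could smuggle extra options into the ruleset.
    case $ext_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    case $ssh_host in
        ''|*[!0-9.]*) echo "bad host address: $ssh_host" >&2; return 1 ;;
    esac
    case $src in
        ''|*[!0-9./]*) echo "bad source range: $src" >&2; return 1 ;;
    esac

    cat <<EOF
*nat
# Step 2: rewrite the destination of inbound SSH to the internal box
-A PREROUTING -i $ext_if -s $src -p tcp --dport 22 -j DNAT --to-destination $ssh_host:22
COMMIT
*filter
# Step 1: accept port 22 arriving from outside, as listed in the post
-A INPUT -i $ext_if -s $src -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Step 3: let the rewritten connection through to the internal host only
-A FORWARD -i $ext_if -s $src -d $ssh_host -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Replies and follow-up packets of connections already accepted
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: only 203.0.113.0/24 may reach the internal host.
emit_ssh_forward_rules eth0 192.168.1.10 203.0.113.0/24
```

The output can be reviewed first and then loaded as root with `iptables-restore --noflush`, which appends to the existing rules instead of replacing them.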