CDOT Wiki β

Changes

OPS345 Lab 2

37 bytes added, 01:27, 22 September 2021
Port forwarding SSH
** iptables diagram source: https://documentation.suse.com/sles/15-SP1/html/SLES-all/cha-security-firewall.html
** forward incoming tcp port 2211 packets to port 22 on www <source>iptables -t nat -A PREROUTING -p tcp --dport 2211 -j DNAT --to 10.3.45.11:22</source>
** allow forwarding to www(or just remove default reject rule)<source>iptables -I FORWARD -p tcp --dport 22 -d 10.3.45.11 -j ACCEPT</source>
** don't recheck existing forwarded connections, including replies to accepted traffic <source>iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT</source>
** perform ip masquerading <source>iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE</source>
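
Review bot: the parenthetical on the FORWARD line, "(or just remove default reject rule)", offers an alternative that opens forwarding to every destination and port rather than only TCP 22 to 10.3.45.11; I would drop it or mark it as the weaker option so readers keep the specific ACCEPT rule. On the DNAT line the match is only `-p tcp --dport 2211`, with no `-i` interface or `-d` address, so port 2211 is rewritten whichever interface the packet arrives on; adding one of those matches would limit the forward to the intended entry point. The MASQUERADE line likewise has no `-s` match, so it applies to everything leaving eth0; if only the lab subnet is meant to be translated, state that and add the source match.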