 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Olivier Nibart <olivier at naya dash tec dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] NAT with port change
 Date:  Mon, 17 May 2004 18:14:50 +0200
On 17.05.2004 17:48 +0200, Olivier Nibart wrote:

> I'm trying to access 2 ssh servers on my LAN, let's say S1 and S2,
> like this :
> WAN port 22 <------------>M0n0wall<--------------->LAN S1 port 22
> WAN port 2222 <------------>M0n0wall<--------------->LAN S2 port 22
> I've added a NAT from WAN:22 to S1:22 on LAN
> I did the same for S2 except that I've put 2222 on the external
> port.
> I have one rule that permits port WAN:22 to access S1 and another
> one that permits WAN:22 to access S2 also.

Hint: don't create the filter rules by hand, use the auto-add option
when you add a new NAT rule. Filter rules are processed after NATing
for incoming packets, and the SSH client is free to choose any value
for the source port. You just need two rules to permit traffic -
[interface WAN, source any, destination S1 port 22] and [interface
WAN, source any, destination S2 port 22].

- Manuel
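
The processing order described in the reply above, as an added example that is not part of the original message or of m0n0wall's code: a small Python model of inbound NAT followed by filtering. The addresses for the WAN interface, S1 and S2, and all class and variable names, are constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed addresses: the thread only names the hosts "S1" and "S2".
WAN_IP, S1, S2 = "203.0.113.5", "192.168.1.10", "192.168.1.11"

@dataclass(frozen=True)
class Packet:
    iface: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    iface: str
    dst_ip: str
    dst_port: int
    src_port: Optional[int] = None  # None means "source any"

# Inbound NAT on WAN: external port -> (LAN host, LAN port)
NAT = {22: (S1, 22), 2222: (S2, 22)}

def process_inbound(pkt: Packet, rules: list) -> Optional[Packet]:
    """Translate first, then filter. Returns the forwarded packet, or None if dropped."""
    if pkt.iface == "WAN" and pkt.dst_ip == WAN_IP and pkt.dst_port in NAT:
        ip, port = NAT[pkt.dst_port]
        pkt = replace(pkt, dst_ip=ip, dst_port=port)
    for r in rules:
        if ((r.iface, r.dst_ip, r.dst_port) == (pkt.iface, pkt.dst_ip, pkt.dst_port)
                and r.src_port in (None, pkt.src_port)):
            return pkt
    return None  # default deny

# The two rules from the reply: they match the post-NAT destination.
POST_NAT = [Rule("WAN", S1, 22), Rule("WAN", S2, 22)]
# Hand-written variant matching the external port: never sees 2222 after NAT.
PRE_NAT = [Rule("WAN", S1, 22), Rule("WAN", S2, 2222)]
# Hand-written variant pinning the source port: clients use ephemeral ports.
SRC_PINNED = [Rule("WAN", S1, 22, src_port=22), Rule("WAN", S2, 22, src_port=22)]

if __name__ == "__main__":
    ssh_to_s2 = Packet("WAN", 51515, WAN_IP, 2222)  # constructed client packet
    for name, rules in [("post-NAT", POST_NAT), ("pre-NAT", PRE_NAT), ("src-pinned", SRC_PINNED)]:
        print(name, "->", process_inbound(ssh_to_s2, rules))
```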