[CentOS] A little iptables help
Rodrigo Barbosa
rodrigob at suespammers.org
Thu Sep 29 01:46:08 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, Sep 28, 2005 at 11:46:50AM -0500, Aleksandar Milivojevic wrote:
> Quoting Kirk Bocek <t004 at kbocek.com>:
>
> >I did this successfully providing external SSH access to a collection
> >of hosts on a private network. However for this to work, the hosts on
> >the private net also need to be doing SNAT back out through the
> >firewall.
>
> Unless you are doing something funky, SNAT is not needed. All he needs
> is DNAT.
> Netfilter should take care of returning packets automagically (unless, as I
> said, you are doing something funky and confusing Netfilter with it).
If you have a RELATED,ESTABLISHED matching rule only.
[]s
- --
Rodrigo Barbosa <rodrigob at suespammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDO0dgpdyWzQ5b5ckRAnjTAKCy2+R0k3xShtfw4zrxLnTjUrnS5QCdFyQk
pD6qjQvuNV3f7DxeBia/B2I=
=VrJA
-----END PGP SIGNATURE-----
More information about the CentOS
mailing list