On Wed, Sep 28, 2005 at 11:46:50AM -0500, Aleksandar Milivojevic wrote:
> Quoting Kirk Bocek t004@kbocek.com:
> > I did this successfully providing external SSH access to a collection of hosts on a private network. However, for this to work, the hosts on the private net also need to be doing SNAT back out through the firewall.
>
> Unless you are doing something funky, SNAT is not needed. All he needs is DNAT. Netfilter should take care of returning packets automagically (unless, as I said, you are doing something funky and confusing Netfilter with it).

If you have a RELATED,ESTABLISHED matching rule only.
[]s
-- 
Rodrigo Barbosa rodrigob@suespammers.org
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
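
The ruleset this thread is describing, as an added example that is not part of the original messages: a DNAT rule for inbound SSH, a FORWARD rule for the first packet, and the ESTABLISHED,RELATED rule that lets replies back out with no SNAT. The function name `dnat_ssh_rules`, the interface name, the addresses and the external port 2222 are constructed assumptions. It also assumes replies from the internal host are routed back through this firewall, since connection tracking can only reverse the DNAT on packets it sees.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; nothing is applied here.
# Interface, addresses, port and function name are constructed assumptions.

# Usage: dnat_ssh_rules EXT_IF EXT_IP EXT_PORT INT_IP
dnat_ssh_rules() {
    ext_if=$1 ext_ip=$2 ext_port=$3 int_ip=$4

    # Accept only a plain decimal port in 1..65535 (no sign, no leading zero).
    case $ext_port in
        ''|0*|*[!0-9]*) echo "bad port: $ext_port" >&2; return 1 ;;
    esac
    [ "$ext_port" -le 65535 ] || {
        echo "port out of range: $ext_port" >&2; return 1; }

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Rewrite the destination only. There is no source-NAT rule in this table.
-A PREROUTING -i ${ext_if} -d ${ext_ip} -p tcp --dport ${ext_port} -j DNAT --to-destination ${int_ip}:22
COMMIT
*filter
:FORWARD DROP [0:0]
# Replies from the internal host are accepted here; conntrack then restores
# the original (external) address on them before they leave.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the first packet of each forwarded SSH connection needs its own rule.
-A FORWARD -i ${ext_if} -d ${int_ip} -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

Pipe the output to `iptables-restore --test` to parse it without committing. Without `--noflush`, `iptables-restore` replaces the existing contents of the `nat` and `filter` tables.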