[CentOS] A little iptables help
    Rodrigo Barbosa 
    rodrigob at suespammers.org
       
    Thu Sep 29 01:46:08 UTC 2005
    
    
  
On Wed, Sep 28, 2005 at 11:46:50AM -0500, Aleksandar Milivojevic wrote:
> Quoting Kirk Bocek <t004 at kbocek.com>:
> 
> >I did this successfully providing external SSH access to a collection 
> >of hosts on a private network. However for this to work, the hosts on 
> >the private net also need to be doing SNAT back out through the 
> >firewall.
> 
> Unless you are doing something funky, SNAT is not needed.  All he needs 
> is DNAT.
> Netfilter should take care of returning packets automagically (unless, as I
> said, you are doing something funky and confusing Netfilter with it).
If you have a RELATED,ESTABLISHED matching rule only.
[]s
-- 
Rodrigo Barbosa <rodrigob at suespammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
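
An added example, not part of the original message: a toy Python model (not Netfilter code) of the exchange above, showing that connection tracking reverses a DNAT on reply packets by itself, while a FORWARD chain with policy DROP still discards those replies unless it has an ESTABLISHED,RELATED rule. The addresses, class and function names, and the rules quoted in comments are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample addresses (documentation ranges), not from the thread.
FW_PUBLIC = "203.0.113.1"   # firewall's external address
INTERNAL = "192.168.1.10"   # SSH host on the private network
CLIENT = "198.51.100.7"     # external SSH client

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    """Toy model: DNAT in PREROUTING, filter FORWARD with policy DROP."""

    def __init__(self, allow_established):
        # Models: -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        self.allow_established = allow_established
        self.conntrack = {}  # expected reply tuple -> original (dst, dport)

    def forward(self, p):
        """Return the packet as it leaves the firewall, or None if dropped."""
        key = (p.src, p.sport, p.dst, p.dport)
        if key in self.conntrack:
            # Reply direction of a tracked flow: state is ESTABLISHED.
            if not self.allow_established:
                return None  # no rule matches, policy DROP applies
            pub_addr, pub_port = self.conntrack[key]
            # conntrack undoes the DNAT: the source becomes the public address.
            return Packet(pub_addr, pub_port, p.dst, p.dport)
        # Models: -t nat -A PREROUTING -d FW_PUBLIC -p tcp --dport 22
        #         -j DNAT --to-destination INTERNAL
        if p.dst == FW_PUBLIC and p.dport == 22:
            nat = Packet(p.src, p.sport, INTERNAL, 22)
            # Models: -A FORWARD -d INTERNAL -p tcp --dport 22 -j ACCEPT
            self.conntrack[(nat.dst, nat.dport, nat.src, nat.sport)] = (p.dst, p.dport)
            return nat
        return None  # policy DROP

def run(allow_established):
    """Send one client packet and the server's reply through the model."""
    fw = Firewall(allow_established)
    inbound = fw.forward(Packet(CLIENT, 40000, FW_PUBLIC, 22))
    reply = fw.forward(Packet(INTERNAL, 22, CLIENT, 40000))
    return inbound, reply

if __name__ == "__main__":
    print("with ESTABLISHED rule:   ", run(True))
    print("without ESTABLISHED rule:", run(False))
```

The model assumes the reply actually traverses the firewall, i.e. the internal host routes back through it.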
    
    