iptables (NAT/PAT) setup for SSH & Samba

Posted by IanVaughan on Server Fault
Published on 2010-04-29T13:07:03Z Indexed on 2011/11/26 1:54 UTC

I need to access a Linux box via SSH & Samba that is hidden/connected behind another one.

Setup :-

  
 A        switch    B         C
|----|    |---|    |----|    |----|
|eth0|----|   |----|eth0|    |    |
|----|    |---|    |eth1|----|eth1|
                   |----|    |----|

E.g., SSH/Samba from A to C

How does one go about this?
I was thinking that it cannot be done via IP alone? Or can it?

Could B say "hi on eth0, if you're looking for 192.168.0.2, it's here on eth1"?
Is this NAT? This is a large private network, so what about if another PC has that IP?!

More likely it would be PAT?
A would say "hi 192.168.109.15:1234"
B would say "hi on eth0, traffic for port 1234 goes on here eth1"
How could that be done?

And would the SSH/Samba daemons see the correct packet header info and work??

IP info :-

A - eth0 - 192.168.109.2
B - eth0 - B1 = 192.168.109.15 B2 = 172.24.40.130
  - eth1 - 192.168.0.1
C - eth1 - 192.168.0.2

A, B & C are RHEL (Red Hat), but Windows computers can be connected to the switch. I configured the 192.168.0.* IPs; they are changeable.


Update after response from Eddie

A few problems (and machine B's IP is different!)

From A :-
ssh 172.24.40.130 works ok, (can get to B2)
but ssh 172.24.40.130 -p 2022 -vv times out with :-

OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 172.24.40.130 [172.24.40.130] port 2022.
...wait ages...
debug1: connect to address 172.24.40.130 port 2022: Connection timed out
ssh: connect to host 172.24.40.130 port 2022: Connection timed out

From B2 :-

$ service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            192.168.0.2         tcp dpt:22

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2022 to:192.168.0.2:22

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

And ssh from B2 to C works fine :-

$ ssh 192.168.0.2

Route info :-

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
172.24.40.0     *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         172.24.40.1     0.0.0.0         UG    0      0        0 eth0

$ ip route  
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.1
172.24.40.0/24 dev eth0  proto kernel  scope link  src 172.24.40.130
169.254.0.0/16 dev eth1  scope link
default via 172.24.40.1 dev eth0

So I just don't know why the port forward doesn't work from A to B2?
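
An added example, not part of the original post: a small Python audit that reads a `service iptables status` listing like the one above and reports, for each DNAT port forward, the backend it maps to, the verdict the FORWARD chain gives the translated packet, and whether any source NAT is configured for the return path. The function names are hypothetical, and the rule matching is simplified to exact-host or any-destination rules.

```python
import re

# Rule lines copied from the listing in the post, trimmed to the chains the check reads.
LISTING = """\
Table: filter
Chain FORWARD (policy ACCEPT)
1    ACCEPT     tcp  --  0.0.0.0/0            192.168.0.2         tcp dpt:22
Table: nat
Chain PREROUTING (policy ACCEPT)
1    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2022 to:192.168.0.2:22
Chain POSTROUTING (policy ACCEPT)
"""
RULE = re.compile(r"^\d+\s+(\S+)\s+\S+\s+\S+\s+\S+\s+(\S+)\s*(.*)$")

def parse(listing):
    """Return {(table, chain): {"policy": str, "rules": [(target, dst, extra), ...]}}."""
    chains, table, key = {}, None, None
    for line in listing.splitlines():
        if line.startswith("Table:"):
            table = line.split(":", 1)[1].strip()
        elif m := re.match(r"Chain (\S+) \(policy (\S+)\)", line):
            key = (table, m.group(1))
            chains[key] = {"policy": m.group(2), "rules": []}
        elif (m := RULE.match(line)) and key:
            chains[key]["rules"].append(m.groups())
    return chains

def forward_verdict(chain, host, port):
    """First rule matching the translated dst decides, else policy (source/proto ignored)."""
    for target, dst, extra in chain["rules"]:
        dpt = re.search(r"dpt:(\d+)", extra)
        if dst in (host, "0.0.0.0/0") and (dpt is None or dpt.group(1) == port):
            return target
    return chain["policy"]

def audit_dnat(listing):
    """One finding per DNAT rule: listen port, backend, FORWARD verdict, source NAT present."""
    chains = parse(listing)
    empty = {"policy": "ACCEPT", "rules": []}
    fwd = chains.get(("filter", "FORWARD"), empty)
    snat = any(t in ("SNAT", "MASQUERADE")
               for t, _, _ in chains.get(("nat", "POSTROUTING"), empty)["rules"])
    findings = []
    for target, _dst, extra in chains.get(("nat", "PREROUTING"), empty)["rules"]:
        m = re.search(r"dpt:(\d+) to:([\d.]+):(\d+)", extra)
        if target == "DNAT" and m:
            listen, host, port = m.groups()
            findings.append(dict(listen=int(listen), backend=f"{host}:{port}",
                                 forward=forward_verdict(fwd, host, port), source_nat=snat))
    return findings
```

With no source NAT, the backend sees the client's original address, so its replies only return through the forwarding host if the backend routes them that way. The listing also cannot show whether `net.ipv4.ip_forward` is enabled on the forwarding host, so that has to be checked separately.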

© Server Fault or respective owner
