Iptables port forwarding?

D

duoman2017-04-27 23:35:29

iptables

duoman, 2017-04-27 23:35:29

I'm trying to make port forwarding for ssh through a machine on the same network:
there is a machine 192.168.0.2
there is a second machine 192.168.0.4
both machines on centos 7
forwarding allowed and fixed in sysctl
echo '1' | sudo tee /proc/sys/net/ipv4/conf/eth0/
forwarding

iptables -t nat -A PREROUTING -d 192.168.0.2 -p tcp --dport 2222 -j DNAT --to-destination 192.168.0.4:22
iptables -t nat -A POSTROUTING -d 192.168.0.4 -p tcp --dport 22 -j SNAT --to-source 192.168.0.2

I try to ssh 192.168.0.2 -p 2222 I get a fig
firewalld
turned off selinux turned off
in iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destinatio

Please help with good advice. What did I miss?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

M

Mystray, 2017-04-27
@Mystray

I try to ssh 192.168.0.4 -p 2222 I get a fig

It is logical, because port 22 is listening on 192.168.0.4.
You need to knock on ssh 192.168.0. 2 -p 2222, then 192.168.0.2 will change addresses in the connection and redirect the request to 192.168.0.4, other than from its name-address

K

krosh, 2017-04-28
@krosh

Check that port 2222 on 192.168.0.4 is open for .2.