I'm using this command to establish NAT on my VM container:
iptables -t nat -A PREROUTING -d ${MAIN_IP} -p tcp --dport ${2} -j DNAT --to-destination ${SUBNET}${3}
with
- MAIN_IP being the main server's global IP
- SUBNET being the first three numbers of my VM subnet, e.g. "192.168.1."
- $2 being the port I want to forward
- $3 being the last subnet segment, e.g. 20
This works fine for straight NATing.
But today I wanted to declare a DNAT to the SSH port, so I set $2 to 5022 and $3 to 20:22, resulting in the following line, for clarity:
iptables -t nat -A PREROUTING -d ${MAIN_IP} -p tcp --dport 5022 -j DNAT --to-destination 192.168.1.20:22
Yet this one does not work: connections time out when I try to ssh to the VM. Note that they do not time out when I don't use NAT, so ssh [email protected] works just fine. It only doesn't work through NAT.
UFW is not enabled on the container server. It listens to pretty much nothing, so there's no need to close anything - or so I hope.
I'm assuming the DNAT rule is correct, so how do I determine what's blocking me?
Edit: output of nat table:
#iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere my-server tcp dpt:2113 to:192.168.1.35
DNAT tcp -- anywhere my-server tcp dpt:2115 to:192.168.1.35
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Edit 2: I'm temporarily solving the issue by having the VM's sshd listen on multiple ports. This way NAT works just fine.
0 Answers
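An added shell example, not part of the original question: it rebuilds the poster's DNAT rule from the same three inputs and adds the checks a DNAT port-forward needs beyond the nat rule (IP forwarding, the filter FORWARD chain) plus the standard TRACE and conntrack commands for finding where a forwarded SYN is dropped. MAIN_IP is an assumed placeholder; 192.168.1., 5022 and 20:22 are the values from the question.

```shell
#!/bin/sh
# Added example, not from the original post: rebuilds the poster's DNAT rule
# from the same inputs and adds the checks a port-forward needs besides the
# nat rule. MAIN_IP is an assumed placeholder; the rest are the post's values.
MAIN_IP="203.0.113.10"   # placeholder for the host's public IP
SUBNET="192.168.1."      # first three octets of the VM subnet, as in the post

# Split "<last octet>[:<port>]" (the post's $3) into "<vm ip> <vm port>";
# the VM port defaults to the forwarded port when no ":port" is given.
dest_parts() {  # $1 = last-octet[:port], $2 = forwarded port
    case "$1" in
        *:*) echo "${SUBNET}${1%%:*} ${1#*:}" ;;
        *)   echo "${SUBNET}$1 $2" ;;
    esac
}

# The PREROUTING rule from the post, unchanged.
dnat_rule() {  # $1 = forwarded port, $2 = last-octet[:port]
    echo "iptables -t nat -A PREROUTING -d $MAIN_IP -p tcp --dport $1 -j DNAT --to-destination ${SUBNET}$2"
}

# DNAT only rewrites the destination. The packet must still be routed and pass
# the filter FORWARD chain; if either is missing the SYN is dropped with no
# reply, which the client sees as a timeout. Admit just the forwarded flow.
forward_rules() {  # $1 = forwarded port, $2 = last-octet[:port]
    set -- $(dest_parts "$2" "$1")  # now $1 = vm ip, $2 = vm port
    echo "iptables -A FORWARD -p tcp -d $1 --dport $2 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# True when the kernel forwards packets at all.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Report the usual reasons a DNAT forward times out and print the commands
# that show where the packet is lost (needs root to be useful).
diagnose() {  # $1 = forwarded port, $2 = last-octet[:port]
    forwarding_enabled || echo "ip_forward is 0: sysctl -w net.ipv4.ip_forward=1"
    if iptables -S FORWARD 2>/dev/null | grep -q '^-P FORWARD DROP'; then
        echo "FORWARD policy is DROP; allow the forwarded flow:"; forward_rules "$1" "$2"
    fi
    # Connections made from the host itself never traverse PREROUTING, so
    # test from another machine. TRACE output lands in the kernel log (dmesg).
    echo "iptables -t raw -A PREROUTING -p tcp --dport $1 -j TRACE"
    echo "conntrack -L -p tcp --dport $1   # is a DNAT entry created for the flow?"
}

if [ "${1:-}" = "run" ]; then diagnose 5022 20:22; fi
```

Run it as `sh script.sh run` on the container host; the FORWARD rules it prints are only needed when the filter table's FORWARD policy or an earlier rule drops the forwarded traffic.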