ip forward using iptables (port and host redirect)

I have a server that many people are mistaking for my login (ssh) machine, so I decided to forward attempts to ssh into this machine to my real login machine. I found a few posts on this, but they were all somewhat incomplete for my purposes. There are two parts to it: you need to enable ip_forward in the kernel, and then you need to write a nat table for iptables. I'm going to assume you don't have a nat table to begin with.

Step 1, enable ip_forward.

[root@notlogin ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
[root@notlogin ~]# echo net.ipv4.ip_forward=1 >>/etc/sysctl.conf
Step 2, create a nat table. You can do this from the command line (go commando) or edit /etc/sysconfig/iptables, your call.

*nat
:PREROUTING ACCEPT [13:1035]
:POSTROUTING ACCEPT [5:516]
:OUTPUT ACCEPT [12:966]
-A PREROUTING -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.0.10:22
-A POSTROUTING -j MASQUERADE
COMMIT
If you do this as written, you won't be able to get into the box via ssh anymore, so add an exception for yourself before you apply it. In the example, the IP address of this host is 192.168.0.1 and my client (me) is 192.168.0.2.

*nat
:PREROUTING ACCEPT [13:1035]
:POSTROUTING ACCEPT [5:516]
:OUTPUT ACCEPT [12:966]
-A PREROUTING -s 192.168.0.2 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.0.1:22
-A PREROUTING -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.0.10:22
-A POSTROUTING -j MASQUERADE
COMMIT

What we're saying here is that if I'm coming from 192.168.0.2, just pass me into the real machine (192.168.0.1); if I'm not, fall through to the next rule and hand me off to 192.168.0.10. Rule order matters: DNAT is a terminating target, so the first rule that matches in PREROUTING wins and the later one is never evaluated for that packet. The fun thing is that you can change the port too, so you could have people trying to telnet to port 23 on 192.168.0.1 be redirected to ssh on 192.168.0.10 as well.

Two things to keep in mind. First, the DNAT'd packets are forwarded, not delivered locally, so they also pass through the FORWARD chain of the filter table; if that chain rejects them (the stock /etc/sysconfig/iptables ends FORWARD with a REJECT rule), the redirect silently fails. Second, the unconditional MASQUERADE rewrites the source of every forwarded connection to this host's address, so sshd on 192.168.0.10 logs all of these attempts as coming from 192.168.0.1, and anything on the login machine that keys off the source address (logs, fail2ban-style blocking) loses the real client. The MASQUERADE is still needed here, because 192.168.0.10 is on the same subnet and would otherwise reply straight to the client, bypassing the box that did the DNAT; narrowing it to the redirected flow at least keeps it from touching anything else you forward.

Hope that saves someone some time.
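As an added example (not from the original post), here is the whole procedure from both steps as a script: it enables ip_forward, emits the iptables commands for the redirect with the admin exception, the port-23 variant, a FORWARD allow rule and a MASQUERADE limited to the redirected flow, and applies them. The addresses are the post's example network (192.168.0.1 for this host, 192.168.0.2 for the admin client, 192.168.0.10 for the real login machine) and are assumptions. One technique is swapped in: instead of DNATing the admin's packets back to this host's own address, the exception uses RETURN, which in a built-in chain falls through to the chain policy (ACCEPT) and leaves the packet untouched.

```shell
#!/bin/sh
# Added example, not the original post's code: SSH redirect with an admin
# exception, a FORWARD allow rule and a MASQUERADE scoped to the redirect.
set -eu

# Assumed addresses, following the post's example network.
THIS_HOST=192.168.0.1     # the box people mistake for the login machine
ADMIN_CLIENT=192.168.0.2  # the one client that must still reach this box
LOGIN_HOST=192.168.0.10   # the real login machine

# Emit one iptables command per line; nothing is executed here.
#   $1 = admin client address, $2 = real login host address
# Order matters: the RETURN for the admin must come before the DNAT,
# because DNAT is terminating and the first matching rule wins.
redirect_rules() {
  cat <<EOF
iptables -t nat -A PREROUTING -s $1 -p tcp -m tcp --dport 22 -j RETURN
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 22 -j DNAT --to-destination $2:22
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 23 -j DNAT --to-destination $2:22
iptables -t nat -A POSTROUTING -d $2 -p tcp -m tcp --dport 22 -j MASQUERADE
iptables -A FORWARD -d $2 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A FORWARD -s $2 -p tcp -m tcp --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Step 1 (kernel forwarding) and step 2 (rules) applied for real.
# The sysctl.conf line is appended only once so repeated runs stay idempotent.
apply_redirect() {
  sysctl -w net.ipv4.ip_forward=1
  grep -qx 'net.ipv4.ip_forward=1' /etc/sysctl.conf \
    || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
  redirect_rules "$ADMIN_CLIENT" "$LOGIN_HOST" | sh -e
}

# Default mode only prints the commands so they can be reviewed first;
# "apply" runs them. Persist afterwards with "iptables-save".
if [ "${1:-show}" = apply ]; then
  apply_redirect
else
  redirect_rules "$ADMIN_CLIENT" "$LOGIN_HOST"
fi
```

Run it as `sh redirect.sh` to review the rules and `sh redirect.sh apply` as root to install them; on a RHEL-family box, `iptables-save > /etc/sysconfig/iptables` afterwards writes them into the file the post edits by hand. The FORWARD rules are harmless on a host whose FORWARD policy is already ACCEPT and required on one that ends the chain with a REJECT.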
