I have two servers, server A and server B. Server B is acting as a VPN for server A. I am trying to figure out a way from a 3rd computer to ssh directly into server A even though it's behind server B's firewall.

Server A:
IP: 73.85.87.81
sshport: 222

Server B:
IP: 109.192.97.168
sshport: 22

I noticed I can VPN in to server B then ssh to server A or ssh to server B then ssh to server A, but I would rather be able to ssh once and end up at server A on port 222.

Is there a way I could set things up that when I ssh 109.192.97.168:222 I end up at 73.85.87.81:222?

I do not want to ssh into server B and then from there ssh into server A. I would much rather have ports forwarded to allow me to ssh directly to server A.

Charles S
1 Answer

Using iptables you can accomplish what you want with the following:

Run these rules on 109.192.97.168 ( Server B )

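# DNAT: connections arriving for 109.192.97.168:222 are sent on to 73.85.87.81:222
iptables -t nat -A PREROUTING -d 109.192.97.168 -p tcp --dport 222 -j DNAT --to-destination 73.85.87.81:222
# MASQUERADE: forwarded packets leave with Server B's address as their source
iptables -t nat -A POSTROUTING -d 73.85.87.81 -p tcp --dport 222 -j MASQUERADE
# Enable IPv4 forwarding (this write does not persist across reboots)
echo "1" > /proc/sys/net/ipv4/ip_forward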

Explanation:

  • You can now ssh to 109.192.97.168 on port 222 and you will be accessing Server A
  • 1st rule is for redirecting the traffic designated to Server A on port 222 to Server B on port 222
  • 2nd rule is for MASQUERADE (translate the outgoing traffic to use the IP address of the interface where the route is connected)
  • 3rd rule is for enabling IP forwarding, if it isn't already enabled
Stancu Mihai
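An added example, not part of the answer above: the same forward with a source restriction and explicit FORWARD rules, applied idempotently. Because of MASQUERADE, sshd on Server A logs Server B's address for every client, so source filtering has to happen on Server B. `ADMIN_SRC` is a constructed placeholder network, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: run on Server B. Addresses and port are the page's values;
# ADMIN_SRC is a constructed placeholder (assumption: the network the third
# computer connects from).
PUB_IP=109.192.97.168      # Server B
DST_IP=73.85.87.81         # Server A
PORT=222
ADMIN_SRC=203.0.113.0/24

# Print one rule per line as "<table> <chain> <match and target>".
forward_rules() {
    src=$1 pub=$2 dst=$3 port=$4
    # Only the allowed source is DNATed; anything else never reaches Server A.
    echo "nat PREROUTING -s $src -d $pub -p tcp --dport $port -j DNAT --to-destination $dst:$port"
    # Rewrites the source to Server B, so Server A's logs show Server B's IP.
    echo "nat POSTROUTING -d $dst -p tcp --dport $port -j MASQUERADE"
    # FORWARD sees the packet after DNAT (destination is Server A) and before
    # MASQUERADE (source is still the client). Needed when the policy is DROP.
    echo "filter FORWARD -s $src -d $dst -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    echo "filter FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Append each rule only if an identical rule is not already loaded (-C check),
# so re-running the script does not stack duplicates.
apply_rules() {
    forward_rules "$ADMIN_SRC" "$PUB_IP" "$DST_IP" "$PORT" |
    while read -r table chain spec; do
        # $spec is left unquoted on purpose so it splits into iptables arguments
        iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
            iptables -t "$table" -A "$chain" $spec
    done
    sysctl -w net.ipv4.ip_forward=1
}

# "show" prints the rule set for review; "apply" (as root) loads it.
case "${1:-}" in
    show)  forward_rules "$ADMIN_SRC" "$PUB_IP" "$DST_IP" "$PORT" ;;
    apply) apply_rules ;;
esac
```

`-A` appends, so an earlier DROP or REJECT rule in FORWARD still takes precedence over the rules added here.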