Answers to: Connect via SSH/Samba from 1 box to a hidden box (NAT/PAT?) setup?http://linuxexchange.org/questions/145/connect-via-sshsamba-from-1-box-to-a-hidden-box-natpat-setup<p>I need to access a Linux box via SSH &amp; Samba that is hidden/connected behind another one.</p> <p>Setup :-</p> <pre> A switch B C |----| |---| |----| |----| |eth0|----| |----|eth0| | | |----| |---| |eth1|----|eth1| |----| |----| </pre> <p>Eg, SSH/Samba from A to C</p> <p>How does one go about this?<br> I was thinking that it cannot be done via IP alone? Or can it?</p> <p>Could B say "hi on eth0, if your looking for 192.168.0.2, its here on eth1"?<br> Is this NAT? This is a large private network, so what about if another PC has that IP?!</p> <p>More likely it would be PAT?<br> A would say "hi 192.168.109.15:1234"<br> B would say "hi on eth0, traffic for port 1234 goes on here eth1"<br> How could that be done? </p> <p>And would the SSH/Samba demons see the correct packet header info and work??</p> <p>IP info :-</p> <pre> A - eth0 - 192.168.109.2 B - eth0 - 192.168.109.15 - eth1 - 192.168.0.1 C - eth1 - 192.168.0.2 </pre> <p>A, B &amp; C are RHEL (RedHat) But Windows computers can be connected to the switch. I configured the 192.168.0.* IPs, they are changeable.</p> <p>Any help?</p>enWed, 13 Apr 2011 09:11:52 -0400Answer by pbzhttp://linuxexchange.org/questions/145/connect-via-sshsamba-from-1-box-to-a-hidden-box-natpat-setup/2328<p>Your host B is known as a <strong>dual homed host</strong>. You need for B to route traffic between subnets 192.168.0 and 192.168.109 Configure C (and any other hosts on 192.168.0 subnet) to use 192.168.0.1 as default gateway. Configure B to use the switch as default gateway (probably already is) Configure B to route subnet 192.168.0 traffic out 192.168.0.1 Configure your switch to route subnet 192.168.0 traffic to 192.168.109.15 That will make subnet 192.168.0 accessible to all routable traffic.</p> <p>You can then use firewall features in the switch and/or in B to obtain the security restrictions you want.</p>pbzWed, 13 Apr 2011 09:11:52 -0400http://linuxexchange.org/questions/145/connect-via-sshsamba-from-1-box-to-a-hidden-box-natpat-setup/2328Answer by Kevin Mhttp://linuxexchange.org/questions/145/connect-via-sshsamba-from-1-box-to-a-hidden-box-natpat-setup/151<p>What you have termed PAT would work. You will need to have iptables running(or some customizable firewall). Then run the following commands:</p> <pre><code>iptables -t nat -A PREROUTING -p tcp --dport 22 -p DNAT --to-destination 192.168.0.2 iptables -t nat -A PREROUTING -p tcp --dport 135:139 -p DNAT --to-destination 192.168.0.2 iptables -t nat -A PREROUTING -p tcp --dport 445 -p DNAT --to-destination 192.168.0.2 service iptables save echo 1 &gt; /proc/sys/net/ipv4/ip_forward </code></pre> <p>In the file /etc/sysctl.conf, change the line:</p> <pre><code>net.ipv4.ip_forward = 0 </code></pre> <p>to</p> <pre><code>net.ipv4.ip_forward = 1 </code></pre>Kevin MThu, 29 Apr 2010 17:22:27 -0400http://linuxexchange.org/questions/145/connect-via-sshsamba-from-1-box-to-a-hidden-box-natpat-setup/151