Answers to: Connect via SSH/Samba from 1 box to a hidden box (NAT/PAT?) setup?
http://linuxexchange.org/questions/145/connect-via-sshsamba-from-1-box-to-a-hidden-box-natpat-setup

<p>I need to access a Linux box via SSH &amp; Samba that is hidden/connected behind another one.</p>
<p>Setup :-</p>
<pre>
  A      switch      B         C
|----|    |---|    |----|    |----|
|eth0|----|   |----|eth0|    |    |
|----|    |---|    |eth1|----|eth1|
                   |----|    |----|
</pre>
<p>E.g., SSH/Samba from A to C</p>
<p>How does one go about this?<br>
I was thinking that it cannot be done via IP alone? Or can it?</p>
<p>Could B say "hi on eth0, if you're looking for 192.168.0.2, it's here on eth1"?<br>
Is this NAT? This is a large private network, so what about if another PC has that IP?!</p>
<p>More likely it would be PAT?<br>
A would say "hi 192.168.109.15:1234"<br>
B would say "hi on eth0, traffic for port 1234 goes on here eth1"<br>
How could that be done?</p>
<p>And would the SSH/Samba daemons see the correct packet header info and work??</p>
<p>IP info :-</p>
<pre>
A - eth0 - 192.168.109.2
B - eth0 - 192.168.109.15
  - eth1 - 192.168.0.1
C - eth1 - 192.168.0.2
</pre>
<p>A, B &amp; C are RHEL (RedHat), but Windows computers can be connected to the switch. I configured the 192.168.0.* IPs, they are changeable.</p>
<p>Any help?</p>

Wed, 13 Apr 2011 09:11:52 -0400

Answer by pbz
http://linuxexchange.org/questions/145/connect-via-sshsamba-from-1-box-to-a-hidden-box-natpat-setup/2328
<p>Your host B is known as a <strong>dual homed host</strong>. You need for B to route traffic between subnets 192.168.0 and 192.168.109. Configure C (and any other hosts on 192.168.0 subnet) to use 192.168.0.1 as default gateway.
Configure B to use the switch as default gateway (probably already is). Configure B to route subnet 192.168.0 traffic out 192.168.0.1. Configure your switch to route subnet 192.168.0 traffic to 192.168.109.15. That will make subnet 192.168.0 accessible to all routable traffic.</p>
<p>You can then use firewall features in the switch and/or in B to obtain the security restrictions you want.</p>
pbz
Wed, 13 Apr 2011 09:11:52 -0400

Answer by wim
http://linuxexchange.org/questions/145/connect-via-sshsamba-from-1-box-to-a-hidden-box-natpat-setup/483
<p>PAT would work for SSH.</p>
<p>For Samba try this:</p>
<ol>
<li>Set up A as the master browser for the network segment on the A side (assuming B is not a server and merely passing on packets)</li>
<li>Set up C to announce itself to A. See 'remote announce' and 'remote browse sync' of smb.conf</li>
<li>Set up a static route in C for the A network (and vice versa if needed)</li>
<li>Allow forwarding at B</li>
</ol>
<p>When C announces its presence to A, stations in A's segment (those connected to the switch) will see it using A as the master browser.</p>
<p>SMB broadcasts cannot normally traverse network subnets, so 'remote announce' makes a server known to another server (and likewise stations) in another subnet.</p>
<p>B should be the default gateway for stations on both sides so packets get properly routed. If not, static routes need to be set up in each station.</p>
<p>This works both ways: if there are stations in the C segment that need to access server A, A should 'announce' itself to C.</p>
<p>Hope this helps.</p>
wim
Tue, 11 May 2010 20:12:55 -0400

Answer by Kevin M
http://linuxexchange.org/questions/145/connect-via-sshsamba-from-1-box-to-a-hidden-box-natpat-setup/151
<p>What you have termed PAT would work.
You will need to have iptables running (or some customizable firewall). Then run the following commands:</p>
<pre><code># Redirect SSH and SMB/NetBIOS TCP ports arriving at B to C (192.168.0.2)
iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination 192.168.0.2
iptables -t nat -A PREROUTING -p tcp --dport 135:139 -j DNAT --to-destination 192.168.0.2
iptables -t nat -A PREROUTING -p tcp --dport 445 -j DNAT --to-destination 192.168.0.2
# Persist the rules across reboots
service iptables save
# Enable IPv4 forwarding in the running kernel
echo 1 &gt; /proc/sys/net/ipv4/ip_forward
</code></pre>
<p>In the file /etc/sysctl.conf, change the line:</p>
<pre><code>net.ipv4.ip_forward = 0
</code></pre>
<p>to</p>
<pre><code>net.ipv4.ip_forward = 1
</code></pre>
Kevin M
Thu, 29 Apr 2010 17:22:27 -0400

Answer by Amos
http://linuxexchange.org/questions/145/connect-via-sshsamba-from-1-box-to-a-hidden-box-natpat-setup/148
<p>Can you ssh into box B and then do another ssh into box C from there? Or does that not solve your specific problem?</p>
<p>EDIT (In response to the comment from Ian Vaughan): Have you looked at the route command to set up a default route? Try route --help at the command line for more info (or possibly man route).</p>
Amos
Wed, 28 Apr 2010 22:00:14 -0400
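
<p>The port forwarding (PAT) discussed in the answers above, scoped so that B forwards only chosen ports, as an added example that is not part of the original thread. Addresses and interfaces are taken from the question; external port 2222, the SNAT_TO_B switch and the function names emit_pat_rules and valid_port are assumptions made for illustration.</p>

```shell
#!/bin/sh
# Added example (not from the thread): print iptables commands for B that
# forward only chosen TCP ports arriving on B's eth0 address to C.
# Addresses/interfaces are from the question; port 2222 is an assumed choice.
EXT_IF=eth0; EXT_IP=192.168.109.15   # B, switch side
INT_IF=eth1; INT_IP=192.168.0.1      # B, side facing C
TARGET=192.168.0.2                   # C
SNAT_TO_B=yes   # "no" if C already routes replies via 192.168.0.1

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_pat_rules EXTPORT[:INTPORT] ...   (prints commands, changes nothing)
emit_pat_rules() {
    # Validate every mapping first so a typo never yields a partial ruleset.
    for map in "$@"; do
        valid_port "${map%%:*}" && valid_port "${map##*:}" || {
            echo "bad mapping: $map" >&2; return 1; }
    done
    # ip_forward=1 turns B into a router; drop everything not listed below.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for map in "$@"; do
        ext=${map%%:*}; int=${map##*:}
        # -i/-d limit the rewrite to traffic addressed to B's switch-side IP.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp --dport $ext -j DNAT --to-destination $TARGET:$int"
        echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $TARGET -p tcp --dport $int -m state --state NEW -j ACCEPT"
    done
    # With SNAT, C replies to B without needing a route back, but C's sshd
    # and Samba logs then show 192.168.0.1 instead of the real client.
    if [ "$SNAT_TO_B" = yes ]; then
        echo "iptables -t nat -A POSTROUTING -o $INT_IF -d $TARGET -p tcp -j SNAT --to-source $INT_IP"
    fi
}

# 2222 -> C's sshd (B's own sshd on 22 stays reachable); 445 -> SMB over TCP.
emit_pat_rules 2222:22 445
```

<p>The script only prints the commands; run them on B as root after reading them. On a host that already has FORWARD rules, check that the appended ACCEPT lines are not shadowed by an earlier REJECT or DROP rule.</p>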