I'm running 3 virtual machines with Fedora 19. Machine B is set up with two network adapters and provides the channel between machine A and machine C.
The machine A IP is set to 192.168.1.3 and the machine C IP is set to 172.16.1.1. On machine B I have one adapter with IP 192.168.1.254 and another adapter with IP 172.16.1.254.
I have to create a rule on machine B in the NAT table that allows an SSH connection to machine A but using the external IP address of machine B.
I've created this rule (don't know if this is correct or not):
iptables -t nat -A PREROUTING -i p8p1 -s 172.16.1.1 -d 172.16.1.254 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.3
If I only do this, then when I use netcat I can't connect to machine A.
Now, if I insert this rule:
iptables -A FORWARD -i p8p1 -o p7p1 -s 172.16.1.1 -d 192.168.1.3 -p tcp --dport 22 -j ACCEPT
I can make the connection.
My question is this:
Doesn't inserting the second rule make the first rule unnecessary?
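
The following is an added example, not part of the original post: a simplified Python model of how the first packet of the connection passes through nat/PREROUTING, the routing decision and filter/FORWARD on machine B, with each of the two rules switched on or off. It assumes that p7p1 is the adapter on the 192.168.1.0/24 side and that FORWARD rejects anything not explicitly accepted; the function names are hypothetical and reply traffic is not modelled.

```python
# Simplified model of netfilter on machine B: nat/PREROUTING runs before the
# routing decision, filter/FORWARD runs after it. Addresses and interface
# names are taken from the post; the REJECT default is an assumption.
from dataclasses import dataclass, replace

LOCAL_ADDRS = {"192.168.1.254", "172.16.1.254"}  # machine B's own addresses

@dataclass(frozen=True)
class Packet:
    in_if: str
    src: str
    dst: str
    proto: str
    dport: int

def prerouting_dnat(pkt, dnat_enabled):
    """Models: -t nat -A PREROUTING -i p8p1 -s 172.16.1.1 -d 172.16.1.254
    -p tcp --dport 22 -j DNAT --to-destination 192.168.1.3"""
    if (dnat_enabled and pkt.in_if == "p8p1" and pkt.src == "172.16.1.1"
            and pkt.dst == "172.16.1.254" and pkt.proto == "tcp" and pkt.dport == 22):
        return replace(pkt, dst="192.168.1.3")  # destination rewritten before routing
    return pkt

def forward_filter(pkt, out_if, accept_enabled):
    """Models: -A FORWARD -i p8p1 -o p7p1 -s 172.16.1.1 -d 192.168.1.3
    -p tcp --dport 22 -j ACCEPT"""
    if (accept_enabled and pkt.in_if == "p8p1" and out_if == "p7p1"
            and pkt.src == "172.16.1.1" and pkt.dst == "192.168.1.3"
            and pkt.proto == "tcp" and pkt.dport == 22):
        return "ACCEPT"
    return "REJECT"  # assumed: FORWARD rejects whatever no rule accepts

def traverse(pkt, dnat_enabled, accept_enabled):
    """Return where the first packet (SYN) of the connection ends up."""
    pkt = prerouting_dnat(pkt, dnat_enabled)
    if pkt.dst in LOCAL_ADDRS:  # still addressed to machine B itself
        return "INPUT on machine B (never reaches FORWARD)"
    out_if = "p7p1" if pkt.dst.startswith("192.168.1.") else "p8p1"
    return f"FORWARD {forward_filter(pkt, out_if, accept_enabled)} -> {pkt.dst}"

# Constructed sample: machine C opens SSH to machine B's external address.
SYN = Packet("p8p1", "172.16.1.1", "172.16.1.254", "tcp", 22)

if __name__ == "__main__":
    for dnat in (True, False):
        for accept in (True, False):
            print(f"DNAT={dnat!s:5} FORWARD-ACCEPT={accept!s:5} => {traverse(SYN, dnat, accept)}")
```

In this model the FORWARD rule matches on the destination 192.168.1.3, which the packet only carries after the DNAT rule has rewritten it.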