
I have a problem when using ssh port forwarding and NAT simultaneously.

Situation:

Machine A runs a webserver on port 8080.
Machine B is a Raspberry Pi which works like a little router. It has two network interfaces (eth0 and eth1). eth0 is connected to the LAN and through that to the WAN. eth1 is only connected to Machine A. It runs ddclient for a DynDNS connection.

Goal:

I want to connect safely to machine A on port 8080 etc. through ssh port forwarding.

What I tried:

On my local machine (MacBook) I used:

ssh -L 5903:127.0.0.1:5901 [email protected]

or

ssh -L 5903:127.0.0.1:5901 pi@machine-b-ip

and I can connect to the vnc server on machine B with (just for testing purposes):

vnc://127.0.0.1:5903/

So my assumption was to forward port 8080 from my local machine to machine B and "NAT" it to machine A with these iptables rules:

iptables -t nat -A POSTROUTING --out-interface eth1 -j MASQUERADE
iptables -A FORWARD --in-interface eth0 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth0 -m tcp --dport 8080 -j DNAT --to-destination 192.168.110.101:8080

My other iptables config was:

iptables -t nat -A PREROUTING -p tcp -i eth0 -m tcp --dport 9090 -j DNAT --to-destination 192.168.114.151:8080
iptables -t nat -A POSTROUTING --out-interface eth1 -j MASQUERADE
iptables -A FORWARD --in-interface eth0 -s 192.168.178.20 -j ACCEPT
iptables -A FORWARD --in-interface eth0 -j DROP

I also enabled ssh GatewayPorts on machine B, but every time I want to connect through:

http://127.0.0.1:8080/

I get the error "connection refused" and the log says that "this service is not running". But if I connect through:

http://ip-machine-b:8080/

it works.

Can you help me, please? I tried several solutions, from remote and local ssh port forwarding over ssh multi-hop and NAT etc., but wasn't able to get a working solution for me.

Thanks in advance, Dominik.

1 Answer


You should not need all the iptables rules to route to your second box. You can do a similar thing to what you are doing with your VNC connection:

ssh -L 8081:192.168.x.x:8080 [email protected]

Where 192.168.x.x is the IP address of Machine A

Then you can open a web browser on your local machine and connect to

http://127.0.0.1:8081

This will allow you to connect to the internal website and the routing will be handled by ssh. Your local port 8081 will be forwarded over ssh to the ssh server. The server will then send the request to Machine A on port 8080.
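The mechanism the answer describes, modelled in plain Python sockets as an added example (this is not code from the question or the answer). With `ssh -L 8081:192.168.x.x:8080 pi@machine-b`, the ssh client on the MacBook listens on 127.0.0.1:8081 and relays every accepted connection through the SSH session; sshd on Machine B then opens an ordinary TCP connection from its own stack to Machine A's port 8080. The relay below does the same two-leg job with a second plain TCP connection instead of an SSH channel, so it runs offline; the "web server" is a constructed stand-in for Machine A, and all ports are ephemeral so nothing on the host is touched. It also shows the failure mode from the question: when the destination has no listener, the relay accepts the local connection and then closes it, which the browser reports as a refused or empty connection.

```python
"""Local port forwarding (ssh -L) modelled with plain sockets. Added example."""
import socket
import threading


def _pump(src, dst):
    """Copy bytes src -> dst until src closes, then half-close dst (one direction)."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_forwarder(dest_host, dest_port, bind_host="127.0.0.1", bind_port=0):
    """Listen on bind_host:bind_port and relay each accepted connection to dest.

    Loopback is the default bind, as it is for ssh -L without GatewayPorts/-g.
    Returns (listen_port, listener_socket).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((bind_host, bind_port))
    listener.listen(5)

    def accept_loop():
        while True:
            try:
                client, _ = listener.accept()
            except OSError:
                return  # listener closed, stop serving
            try:
                # Second leg: in real ssh -L this is sshd on Machine B connecting out.
                upstream = socket.create_connection((dest_host, dest_port))
            except OSError:
                client.close()  # accept, then close: what ssh does if the far end refuses
                continue
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener.getsockname()[1], listener


def start_fake_webserver():
    """Constructed HTTP responder standing in for Machine A on port 8080."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.recv(4096)  # read the request, then answer and close
                body = b"hello from machine A\n"
                conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: %d\r\n\r\n%s" % (len(body), body))

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def fetch_through_forwarder():
    """Full exchange: browser -> local forward port -> relay -> web server. Returns body."""
    web_port, web = start_fake_webserver()
    fwd_port, fwd = start_forwarder("127.0.0.1", web_port)
    try:
        with socket.create_connection(("127.0.0.1", fwd_port)) as c:
            c.sendall(b"GET / HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n")
            resp = b""
            while True:
                chunk = c.recv(4096)
                if not chunk:
                    break
                resp += chunk
        return resp.split(b"\r\n\r\n", 1)[1]
    finally:
        fwd.close()
        web.close()


def probe_dead_destination():
    """Forward to a port with no listener: the relay accepts, then closes (returns b'')."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    dead_port = tmp.getsockname()[1]
    tmp.close()
    fwd_port, fwd = start_forwarder("127.0.0.1", dead_port)
    try:
        with socket.create_connection(("127.0.0.1", fwd_port)) as c:
            return c.recv(1024)
    finally:
        fwd.close()


if __name__ == "__main__":
    print(fetch_through_forwarder().decode(), end="")
    print("dead destination returned:", probe_dead_destination())
```

Because the second leg is an outbound TCP connection made by the SSH server itself, no DNAT or FORWARD rule on Machine B is involved; a PREROUTING rule restricted to `-i eth0`, as in the question, would never see this traffic anyway.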

