I have a GNS3 server, and I'm trying to add iptables rules so that when someone on my team connects on port 1100, they get routed to an internal IP such as 192.168.122.2:22. This internal IP belongs to a bastion host of a GNS3 project. The end goal is to be able to ssh into the internal IP addresses from a local machine.
This is how my iptables looks (using fake public IP 1.2.3.4 for the sake of example):
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 1.2.3.4 tcp dpt:1100 to:192.168.122.2:22
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER (0 references)
num target prot opt source destination
Chain LIBVIRT_PRT (0 references)
num target prot opt source destination
From my local machine, I execute the command ssh [email protected] -p1100.
Ubuntu is the username needed to access the GNS3 project internal IP.
After executing this command, I get the following output on the GNS3 server (1.2.3.4):
cloud@gns3:~$ connect_to 192.168.122.2 port 1100: failed.
Seems like my SSH command is reaching the GNS3 server, and attempts to do a port forwarding. However, it's attempting to forward to port 1100 instead of 22 for some reason? Can anyone identify why?
Here's what I tried so far:
- Set IPv4 port forwarding to 1
- Set GatewayPorts and AllowTcpForwarding to 1 in
- Ran on local machine (I think this changed some configs on the server) -
ssh -R 1.2.3.4:1100:192.168.122.2:22 [email protected]
- Added rule to iptables using command
sudo iptables --table nat --append PREROUTING --protocol tcp --destination 1.2.3.4 --dport 1100 --jump DNAT --to-destination 192.168.122.2:22
- Also added Masquerading:
sudo /sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
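
An added example, not part of the original post: a small audit of the nat-table listing shown above that reports each DNAT port forward open to any source address and any MASQUERADE rule with no visible match. The listing is re-typed as constructed sample input, and the function names are hypothetical.

```python
import re

# Constructed sample: the PREROUTING/POSTROUTING part of the listing in the post.
LISTING = """\
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 1.2.3.4 tcp dpt:1100 to:192.168.122.2:22
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
"""

ANY = "0.0.0.0/0"


def parse_rules(listing):
    """Yield one dict per numbered rule line, tagged with its chain."""
    chain = None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+)", line)
        if header:
            chain = header.group(1)
            continue
        f = line.split()
        if len(f) < 6 or not f[0].isdigit():
            continue  # column header or blank line
        yield {"chain": chain, "num": int(f[0]), "target": f[1], "proto": f[2],
               "src": f[4], "dst": f[5], "extra": " ".join(f[6:])}


def audit(listing):
    """Return (rule location, finding) pairs for rules broader than needed."""
    findings = []
    for r in parse_rules(listing):
        where = f"{r['chain']} #{r['num']}"
        if r["target"] == "DNAT" and r["src"] == ANY:
            m = re.search(r"dpt:(\d+) to:([\d.]+):(\d+)", r["extra"])
            if m:
                findings.append((where, f"port {m[1]} is forwarded to "
                                        f"{m[2]}:{m[3]} for any source address"))
        elif (r["target"] == "MASQUERADE" and r["proto"] == "all"
              and r["src"] == ANY and r["dst"] == ANY and not r["extra"]):
            # A plain -L listing hides interface matches; confirm with iptables -S.
            findings.append((where, "MASQUERADE has no visible match and "
                                    "rewrites the source of all routed traffic"))
    return findings


if __name__ == "__main__":
    for where, text in audit(LISTING):
        print(f"{where}: {text}")
```

Both rules in the post are reported; a DNAT rule limited with `--source` to the team's address range and a MASQUERADE rule limited to the 192.168.122.0/24 side would not be.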