Хочу обеспечить доступ к машине за натом по ssh. После гугления добавил некоторые правила, но почему-то не сработало. Вот весь iptables.
*nat
:PREROUTING ACCEPT [214579:19249650]
:POSTROUTING ACCEPT [19:1609]
:OUTPUT ACCEPT [1027:216992]
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o ppp0 -j MASQUERADE
#-A PREROUTING -i eth1 -p tcp --dport 17001 -j DNAT --to-destination 192.168.155.6:17001
#-A PREROUTING -i eth1 -p udp --dport 17002 -j DNAT --to-destination 192.168.155.6:17002
#-A PREROUTING -i eth1 -p udp --dport 17003 -j DNAT --to-destination 192.168.155.6:17003
#-A PREROUTING -i eth1 -p tcp --dport 2222 -j DNAT --to-destination 192.168.155.6:22
#-A PREROUTING -p tcp -d 78.140.xx.xx --dport 2222 -j DNAT --to-destination 192.168.155.6:22
-A PREROUTING -p tcp --dst 78.140.xx.xx --dport 2222 -j DNAT --to-destination 192.168.155.6:22
COMMIT
# Completed on Thu Nov 12 01:15:20 2009
# Generated by iptables-save v1.4.3.1 on Thu Nov 12 01:15:20 2009
*mangle
:PREROUTING ACCEPT [12517496:8066033597]
:INPUT ACCEPT [428909:131103564]
:FORWARD ACCEPT [11941782:7919464699]
:OUTPUT ACCEPT [419087:106953511]
:POSTROUTING ACCEPT [12361232:8026444375]
COMMIT
# Completed on Thu Nov 12 01:15:20 2009
# Generated by iptables-save v1.4.3.1 on Thu Nov 12 01:15:20 2009
*filter
:INPUT ACCEPT [60695:3930065]
:FORWARD ACCEPT [11941782:7919464699]
:OUTPUT ACCEPT [23:1188]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -s 192.168.155.0/24 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -s 192.168.155.0/24 -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.155.0/24 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.155.0/24 -p tcp -m tcp --dport 445 -j ACCEPT
-A FORWARD -i eth1 -d 192.168.155.6 -p tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
