
Does NAT-ing rewrite the source IP in packets?


http://serverfault.com – I'm trying to set up port forwarding so that a specific IP (e.g. 1.2.3.4/32) can SSH via a bastion (e.g. 5.5.5.5:2222) to an app server (10.3.3.3:22). The bastion and app server are running in a VPC in Amazon with only the bastion exposed to the Internet. I'm using the following rule on the bastion (I've left out the source IP until I get it working):

    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 2222 -j DNAT --to 10.3.3.3:22

but when I try to connect, I get no response. Running tcpdump on the bastion shows that traffic is getting through, so I assume I'm hitting the app server's VPC