**d0ugb** (n00b) - Joined: 27 Feb 2004, Posts: 11

Posted: Tue Apr 04, 2006 8:18 pm - Post subject: iptables help with subdomains, and internal IPs
Okay, forgive me if I say anything incorrect here, I'm still pretty new with iptables. Here is my situation: I have 1 IP address from my ISP, and I'm running bind on the same computer that I use to share my connection with the rest of my network. I use a base 10.0.0.x network. What I want to know is, is it possible to allow external access to a subdomain mycomp.example.com even though it is on an internal address? For example, I run an SSH server on port 22 on my server, but I want to ssh directly into my subdomain using the same port 22 to connect. Right now the only way I have been able to accomplish this is by connecting to the server, then connecting to the internal machine. Is there any way that I can do this? Thanks in advance.
**Voorhees51** (Guru) - Joined: 05 Nov 2003, Posts: 358

Posted: Tue Apr 04, 2006 11:29 pm
Use iptables to set up NAT, then use port forwarding.
**aetius** (Tux's lil' helper) - Joined: 09 Jul 2004, Posts: 118

Posted: Tue Apr 04, 2006 11:57 pm
More specifically, there are three steps you need to perform:

1) set up NAT so your internal addresses can get back out (I'm assuming you are doing this already)
2) redirect traffic on the firewall's external interface port to the internal host
3) allow the traffic to cross the router once redirected.

To redirect, you need to tell iptables to convert the destination IP to the internal IP:

```
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination 10.0.0.5
```

10.0.0.5 being an example, and eth0 being your external interface.

Then, you have to allow that traffic across the FORWARD chain - otherwise it should be dropped by your drop policy (which is set, right?).

```
iptables -A FORWARD -i eth0 -d 10.0.0.5 -p tcp --dport 22 -j ACCEPT
```

Again assuming eth0 is your external interface and the target address is 10.0.0.5.
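The three steps above, collected into one small POSIX shell script. This is an added example and not code posted in the thread; the function name `port_forward`, the interface/address/port parameters and the `IPT` variable are assumptions made here for illustration. It adds two things a DROP-policy forwarder also needs: the outbound MASQUERADE rule that step 1 assumes is already present, and a FORWARD rule for the return half of established connections. Setting `IPT=echo` prints the rules instead of applying them, which is a convenient way to review a ruleset before loading it as root.

```shell
#!/bin/sh
# Added example (not from the forum thread): DNAT a single external port to
# one internal host and permit only that traffic across FORWARD.
#
# Usage (as root, applies the rules):   sh forward.sh eth0 10.0.0.5 22
# Dry run (prints the commands):        IPT=echo sh forward.sh eth0 10.0.0.5 22
#
# Prerequisite not handled here: routing must be enabled on the box, e.g.
#   sysctl -w net.ipv4.ip_forward=1

# IPT is an assumed variable: the iptables binary, or "echo" for a dry run.
IPT="${IPT:-iptables}"

# port_forward EXT_IF INTERNAL_IP PORT
# Emits four rules: outbound NAT, inbound DNAT, and two FORWARD accepts.
port_forward() {
  ext_if=$1
  int_ip=$2
  port=$3

  # Step 1: source NAT for the 10.0.0.x hosts going out the external interface.
  "$IPT" -t nat -A POSTROUTING -o "$ext_if" -j MASQUERADE

  # Step 2: rewrite the destination of inbound TCP/$port to the internal host.
  "$IPT" -t nat -A PREROUTING -i "$ext_if" -p tcp --dport "$port" \
    -j DNAT --to-destination "$int_ip"

  # Step 3: let the rewritten packets cross FORWARD, but only for this
  # host and port, so the DROP policy still covers everything else.
  "$IPT" -A FORWARD -i "$ext_if" -d "$int_ip" -p tcp --dport "$port" \
    -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT

  # Replies from the internal host must also pass FORWARD on the way out;
  # restricting them to established flows keeps the rule narrow.
  "$IPT" -A FORWARD -o "$ext_if" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Only act when invoked with the three positional arguments.
if [ "$#" -eq 3 ]; then
  port_forward "$1" "$2" "$3"
fi
```

The FORWARD rule is deliberately matched on interface, destination address and port rather than a blanket `-j ACCEPT`, so forwarding one service does not quietly open the rest of the internal network.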