Iptables – How to dynamically generate iptables rule

Tags: iptables, networking

Good day.
I have the following issue: I have plenty of computers in my local network (probably about 40, and this amount could increase), and I want to give remote access to all of them from the internet. All those machines are connected to the internal network through one gateway/firewall/whatever else with Debian 6.0.7 on board. I can do something like this with iptables on my Debian gateway:

iptables -t nat -A PREROUTING -p tcp --dst %ip% --dport 43001 -j DNAT --to-destination 192.168.0.1:%remotedesktopport%
iptables -t nat -A PREROUTING -p tcp --dst %ip% --dport 43255 -j DNAT --to-destination 192.168.0.255:%remotedesktopport%

So, when the owner of the 192.168.0.1 machine wants to work from home, he will do it easily, and the same for 192.168.0.255, etc.
But how can I make the same rules for all my local network? Maybe there is a way to do it in a more elegant way than typing 255 iptables rules manually? Maybe there is some trick to dynamically resolve the redirection, something like

-A PREROUTING -d %ip% -p tcp --dport 43%three-digits-number-var% -j DNAT --to-destination 192.168.0.%three-digits-number-var%

where %three-digits-number-var% is a variable from 0 to 255?
I hope that somebody could help me or show me my mistakes, because I'm quite new to networking and Linux.

Upd. The main idea of my current configuration is that the port number matches the local IP. E.g. port 43001 for 192.168.0.1, 43005 for 192.168.0.5 and so on. So just specifying a port range won't work. Or would it, due to some voodoo?..

Best Answer

With iptables you can specify a port range using

--dport 43000:43255

What I think you really need to do here is set up a VPN server so that your remote workers use that to connect to your office network.
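The port-to-host mapping the question describes, generated with a shell loop rather than typed by hand; this is an added example and not code from the thread. It assumes a public address of 203.0.113.10 and Remote Desktop on port 3389 (both placeholders), and prints the rules instead of applying them unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the thread: generate the question's DNAT rules
# (public port 43NNN -> 192.168.0.NNN) in a loop instead of typing 255 of them.
# Assumed placeholders: public address 203.0.113.10 and Remote Desktop port 3389.
PUBLIC_IP=203.0.113.10
RDP_PORT=3389
LAN_PREFIX=192.168.0

# Print the iptables command for host number $1; hosts 1..254 only,
# since .0 and .255 are the network and broadcast addresses of a /24.
dnat_rule() {
    n=$1
    case "$n" in
        ''|*[!0-9]*) echo "not a number: '$n'" >&2; return 1 ;;
    esac
    [ "$n" -ge 1 ] && [ "$n" -le 254 ] || { echo "host out of range: $n" >&2; return 1; }
    port=$(printf '43%03d' "$n")          # zero-pad: host 5 -> port 43005
    printf 'iptables -t nat -A PREROUTING -p tcp -d %s --dport %s -j DNAT --to-destination %s.%s:%s\n' \
        "$PUBLIC_IP" "$port" "$LAN_PREFIX" "$n" "$RDP_PORT"
}

# Reverse lookup for audits: which LAN host does a public port forward to?
host_for_port() {
    p=$1
    case "$p" in
        43[0-9][0-9][0-9]) ;;
        *) echo "port $p is outside the 43000-43255 block" >&2; return 1 ;;
    esac
    n=${p#43}; n=${n#0}; n=${n#0}           # strip prefix and leading zeros
    dnat_rule "$n" >/dev/null || return 1   # rejects 43000 and 43255
    echo "$n"
}

# Emit every rule; with DRY_RUN=1 (the default) they are printed, not applied.
generate_all() {
    n=1
    while [ "$n" -le 254 ]; do
        rule=$(dnat_rule "$n")
        if [ "${DRY_RUN:-1}" = 1 ]; then echo "$rule"; else eval "$rule"; fi
        n=$((n + 1))
    done
}

# Dry run to review the generated rules: generate_all | head -3
```

Running with DRY_RUN=0 as root applies the rules; review the dry-run output first, and note that nothing here restricts the source addresses allowed to reach those ports.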
