Linux – IP-dependent local port-forwarding on Linux

Would it not be easier to switch off ssh forwarding on the ssh server? Just change AllowTcpForwarding from yes to no in your /etc/ssh/sshd_config. If this doesn't suit, you could try something along the lines of

iptables -A OUTPUT -o eth1 -p tcp --cmd-owner "sshd" -j DROP

Solution was partly based om wolfgansz. As I was not originally registered as a user on serverfault, and have since cleared my cookies, it doesnt seem that I can just post a comment.

Default policies are DROP for INPUT and OUTPUT chains, and ACCEPT for FORWARD.

function add_forward {
# $1 = title
# $2 = internal host
# $3 = external port
# $4 = internal port
if [  "$2" == "" ] || [ "$3" == "" ] || [ "$4" == "" ]; then
  echo Skipping forward $1
else
  echo "Forwarding port "$3" to "$2" port "$4" ("$1")"
  $IPT -t nat -A PREROUTING -p tcp --dst $MYIP --dport $3 -j DNAT --to-destination $2:$4
  $IPT -t nat -A POSTROUTING -p tcp --dst $2 --dport $4 -j SNAT --to-source $VMNETIP
  $IPT -t nat -A OUTPUT --dst $MYIP -p tcp --dport $3 -j DNAT --to-destination $2:$4
fi
}

And finally to use it add_forward "My forward", "192.168.0.101" 100 101

$MYIP is defined as the eth0 public IP $VMNETIP is the vmware NAT interface

So all in all, this enables incoming connections on eth0:100 to be bridged through vmnet nat interface to a virtual machine..

Hopefully, this can help someone else as well.

The primary tool for debugging was tcpdump on both the host and guest system

"tcpdump -i eth0 port 100" for listening on the host. This revealed a problem with me setting an incorrect IP in the POSTROUTING rule which made eth0 just drop the packets.

Thanks for the help.