1

iptables: How to combine DNAT and SNAT to use a secondary IP address?

view story
linux-howto

http://serverfault.com – There are lots of questions on here about iptables DNAT/SNAT setups but I haven't found one that solves my current problem. I have services bound to the IP address of eth0 (e.g. 192.168.0.20) and I also have a IP address on eth0:0 (192.168.0.40) which is shared with another server. Only one server is active, so this alias interface comes and goes depending on which server is active. In order to get traffic accepted by the service a DNAT rule is used to change the destiantion IP. iptables -t nat -A PREROUTING -d 192.168.0.40 -p udp --dport 7100 -j DNAT --to-destination 192.168.0.20 I also w (HowTos)

taskli's picture
Submitted by taskli on 10/16/2012

Stories similar to iptables: How to combine DNAT and SNAT to use a secondary IP address?

I have a basic setup that requires the following Client -> iptables DNAT -> Server using udp messaging:

The configuration I have on my client is: (my server is 172.33.1.30)

ifconfig eth0:1 172.32.1.10 netmask 255.255.0.0 ifconfig eth1 172.33.1.10 netmask 255.255.0.0 iptables -t nat -A PREROUTING -p udp -i eth0 -d 172.32.1.10 --dport 1001 -j DNAT --to 172.33.1.30 iptables -A FORWARD -p udp -i et

I have a linux box with two NIC cards: eth0 and eth1.

In one card i have 3 public IP:

eth0 = 10.10.10.1 eth0:1= 10.10.10.2 eth0:2= 10.10.10.3

In the other card I have one local IP

eth1 = 192.9.200.1

I want to redirect all the wan traffic for 10.10.10.2 to the LAN 192.9.200.2 and the same for 10.10.10.3 to 192.9.200.3

I have tried with this rule but doesn't work

iptables -t nat -A PRE

I want to forward port 2222 on an Ubuntu 12.04 server to remote host 1.2.3.4 port 22, using iptables.

After reading many web pages on port-forwarding, I issue

$ sysctl net.ipv4.conf.eth0.forwarding net.ipv4.conf.eth0.forwarding = 1 $ sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 2222 -j DNAT --to-destination 1.2.3.4:22

Which forwards traffic as I desired. But ssh does not work.

I have an existing iptables setup that does port forwarding. In this port forwarding scenario there are some instances where I do not want it to port forward. So, for instance I have this defined:

iptables -A PREROUTING -t nat -i eth0 '!' -s 10.200.0.0/16 -p tcp --dport 80 -j DNAT --to 10.200.30.11

This will prevent 10.200/16 from accessing this rule.

Hello. I'm brand new to Linux, but a long time Windows administrator, so I understand the concepts, not the syntax.

I've stumbled through setting up Ubuntu Server as a NAT server. It's working great now.

i have centos box with public ip on eth0 and private ip on eth1,4 pub ips are aliased on eth0.

I have written DNAT rule to NAT request on 1.1.1.3 to 10.10.10.3 it worked fine,

but when i add more DNAT rule it is not working.

If I forward port 5764 to port 80 to my VOIP device, I can nmap and get a proper connection. If I forward port 5764 to port 22 to my server, it comes up filtered. It even happens if I try forwarding port 80 to my server. So I'm sure it has something to do with my server, but I'm not sure.

Here's my Linksys iptables:

Code: :wanin - [0:0]

Good day. I have a following issue - i have plenty of the computers in my local network(probably, about 40, and this amount could increase), and i want to give remote access to all of them from the internet. All those machines are connected to internal network through one gateway/firewall/whateverelse with debian 6.0.7 on board.

DNAT in SuSEFirewall2 3 years 19 weeks ago

Ok, I'm fighting with this for hours now. Here is the story:

I have a server with a XEN Virtual Machine. The VM uses the address 192.168.0.4. The same server uses two more network cards - one with the IP 192.168.0.1 and one with the IP 192.168.1.10.

Now - what I want to do is make a simple port redirection:

192.168.1.10:80 --> 192.168.0.4:80