LinuxQuestions.org
Old 04-09-2011, 06:22 AM   #1
Krzysztow
Member
 
Registered: Apr 2010
Posts: 31

Rep: Reputation: 15
Connect to external computer using local address


Good day everyone,

I couldn't find an answer to this question (not including VPN) on different threads, so I decided to eventually post it, though it's probably an easy one.

I would like to connect to some application on a known IP and port on the internet from my LAN computer. However, to do so (I have some application, not any administrative constraints or not being allowed to) I would like to use local addresses. So, let's say - I want to connect to the external host VV.XX.YY.ZZ, port AA using 192.168.EE.FF port BB.
Basically, so far I have a limitation in my application (too many places for possible error to correct it right now - will change it in the future). Is it possible that after my application sends a request to 192.168.1.EE port BB, my Linux transparently translates it to VV.XX.YY.ZZ:AA?
I tried iptables tutorials and some forums, but nothing seems to be addressing this issue. I don't know if it's even possible with iptables but am pretty sure this should be possible.


Thank You all for any inputs.
Regards,
Krzysztow.
 
Old 04-09-2011, 07:09 AM   #2
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Hello,

The only logical answer I can think of for this is to use forwarding rules using iptables.
http://www.hackorama.com/network/portfwd.shtml
http://tldp.org/HOWTO/IP-Masquerade-...orwarders.html
Here is the man page for iptables - http://linux.die.net/man/8/iptables

Hope that helps man. Cheers,

Josh
 
Old 04-09-2011, 07:45 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
If you can SSH in you could use a tunnel?
 
Old 04-09-2011, 09:30 AM   #4
Krzysztow
Member
 
Registered: Apr 2010
Posts: 31

Original Poster
Rep: Reputation: 15
Thank You for Your answers.

unSpawn: I think this is not the case for me.
corp769: So if you say it is possible with iptables, I will try to understand it better. Am reading it more thoroughly right now. When I reach the solution, I will surely post it here.

Regards,
Chris.
 
Old 04-09-2011, 01:59 PM   #5
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Awesome, glad you followed it up. If you get stuck, post your problems in this thread, and we all will be glad to help out.

Josh
 
Old 04-13-2011, 09:56 PM   #6
Krzysztow
Member
 
Registered: Apr 2010
Posts: 31

Original Poster
Rep: Reputation: 15
Hey,

I haven't had time lately, so am writing so late. The answer to my question was easier than I thought (thanks corp769, for getting me back on iptables track!).

I present briefly my issue once again:
1) When I am at my work, I have local access to some ftp and ssh servers. In some applications I have predefined ip's and ports and don't want to mess with them.
2) When I get back to my place, I would like not to change anything (or almost anything) and be able to access those resources mentioned earlier. The problem is I am not in the local network anymore. Moreover, my local network is behind the firewall, thus the ports are changed as well (port forwarding on the gateway in my work place).

Fortunately, iptables comes to the rescue. What I did is described below:
1) I have to mention I am configuring NAT on the same machine where I am making the requests - this has consequences in making changes in OUTPUT chain. If the case was some other computer, and the nat was on its gateway - then nat table PREROUTING and POSTROUTING tables would have to be altered.
2) Enable port forwarding. This may be done in a few ways. I want it to last only for the current session, so I write the value 1 into /proc/sys/net/ipv4/ip_forward. Taking into account that my system is Ubuntu, I did (root privileges are needed to write to the aforementioned file):
Code:
sudo -i
echo "1" > /proc/sys/net/ipv4/ip_forward
exit
3) Now I have to add some rules to the OUTPUT chain of the nat table. Let's assume that at work, in the local network, I made a request to the ftp server with local address 192.168.1.AA, standard port aa. Moreover, the router there has a WAN IP of UU.VV.XX.YY and port bb is forwarded to my ftp server, port aa.
What needs to be done is to add the following rule:
Code:
sudo iptables -t nat -p TCP -A OUTPUT -d 192.168.1.AA --dport aa -j DNAT --to-destination UU.VV.XX.YY:bb
Literally, it means "add the rule to the nat table, OUTPUT chain - it affects only those packets that are generated within the nat computer. Moreover, these packets' destination address has to be 192.168.1.AA, and the port aa. The destination address and port fields are going to be changed into UU.VV.XX.YY and bb, respectively."
Of course, the inverse rules are added automatically, so when the server sends responses, they are altered the other way round.

I have written a script which has some of these mapping rules, and any time I am home and want to get at any of the work resources, I run it and then use the clients as if I were in the work intranet.

Hope this helps someone else. While looking for this answer I found the following resources very helpful:
1) Very helpful to start from - http://www.karlrupp.net/en/computer/nat_tutorial
2) Well described, although old one - http://www.netfilter.org/documentati.../NAT-HOWTO.txt
3) Nice one and has useful example scripts - http://www.linuxhomenetworking.com/w...Using_iptables

Best regards,
Krzysztow.
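A sketch of the kind of mapping script described in post #6, as an added example that is not Krzysztow's own script: it prints the iptables commands rather than running them, rejects malformed mappings, and keeps the DNAT rules in a separate chain so they can be removed in one step before the machine rejoins the work LAN (otherwise LAN traffic would keep being rewritten to the WAN address). The chain name HOME_DNAT and all addresses and ports are constructed sample values.

```shell
#!/bin/sh
# Added example: emit iptables commands for "work LAN address -> WAN address"
# DNAT mappings. CHAIN and every address/port below are constructed values.
CHAIN=HOME_DNAT

valid_ip() {    # dotted quad, each octet 0-255
    echo "$1" | awk -F. 'NF!=4{exit 1} {for(i=1;i<=4;i++) if($i!~/^[0-9]+$/||$i>255) exit 1}'
}

valid_port() {  # decimal integer 1-65535
    case "$1" in ''|*[!0-9]*) return 1;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Reads lines "LAN_IP LAN_PORT WAN_IP WAN_PORT" on stdin and prints the
# commands on stdout. Fails on the first invalid mapping.
gen_rules() {
    echo "iptables -t nat -N $CHAIN"
    echo "iptables -t nat -A OUTPUT -j $CHAIN"
    while read -r lip lport wip wport; do
        case "$lip" in ''|'#'*) continue;; esac   # skip blanks and comments
        if valid_ip "$lip" && valid_port "$lport" &&
           valid_ip "$wip" && valid_port "$wport"; then
            echo "iptables -t nat -A $CHAIN -p tcp -d $lip --dport $lport -j DNAT --to-destination $wip:$wport"
        else
            echo "invalid mapping: $lip $lport $wip $wport" >&2
            return 1
        fi
    done
}

# Commands that undo gen_rules: unhook the chain, empty it, delete it.
gen_teardown() {
    echo "iptables -t nat -D OUTPUT -j $CHAIN"
    echo "iptables -t nat -F $CHAIN"
    echo "iptables -t nat -X $CHAIN"
}

# Constructed sample mapping: an ftp and an ssh server behind one WAN address.
SAMPLE_MAP='# lan_ip lan_port wan_ip wan_port
192.168.1.10 21 203.0.113.5 2121
192.168.1.11 22 203.0.113.5 2222'

echo "$SAMPLE_MAP" | gen_rules
gen_teardown
```

Review the printed commands, then run them as root. Rules in the nat OUTPUT chain rewrite only locally generated packets, which are not forwarded between interfaces, so the script leaves ip_forward untouched.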
 
  

