LinuxQuestions.org
Old 03-22-2010, 07:56 PM   #1
Winanjaya
Member
 
Registered: Sep 2003
Posts: 209

Rep: Reputation: 32
How to do NAT in Iptables? ..(IP Public to Internal IP)


How to do NAT in Iptables? ..
I am trying to NAT IP public:Port to Internal IP:Port (202.a.b.c SMTP to 172.16.1.169 SMTP) ..

Could anybody please help?

thanks & regards

Winanjaya
 
Old 03-22-2010, 08:03 PM   #2
troop
Member
 
Registered: Feb 2010
Distribution: gentoo, arch, fedora, freebsd
Posts: 379

Rep: Reputation: 96
Code:
-A PREROUTING -p udp -m udp --dport 161 -d 202.a.b.c -j DNAT --to-destination 172.16.1.169:161

Last edited by troop; 03-22-2010 at 08:06 PM.
 
Old 03-22-2010, 08:18 PM   #3
Winanjaya
Member
 
Registered: Sep 2003
Posts: 209

Original Poster
Rep: Reputation: 32
Hi Troop, I tried it like that but it does not work.. (I meant it still cannot be reached from the internet)..
Do I need something in INPUT section?
 
Old 03-22-2010, 08:56 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Actually, the command should be more like:
Code:
iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 25 -d 202.a.b.c \
-j DNAT --to-destination 172.16.1.169
And no, this wouldn't require anything be done to the INPUT chain. It would only require that IP forwarding be enabled, and that the packet gets sent to ACCEPT somewhere in the FORWARD chain. BTW, I'm moving this to Networking.

EDIT: Oh, don't forget to deal with the returning packets (which must have their IP set back to the public one):
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Last edited by win32sux; 03-22-2010 at 09:19 PM.
 
Old 03-22-2010, 09:23 PM   #5
Winanjaya
Member
 
Registered: Sep 2003
Posts: 209

Original Poster
Rep: Reputation: 32
Hi, thanks, it's still not working. What did I miss? What should I check?
please help
thanks & regards
 
Old 03-22-2010, 09:25 PM   #6
Winanjaya
Member
 
Registered: Sep 2003
Posts: 209

Original Poster
Rep: Reputation: 32
btw .. I am using eth0 connected to internet router and eth1 to switch hub..

eth0 is on 202.a.b.e
eth1 is on 172.16.1.1
 
Old 03-22-2010, 09:34 PM   #7
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Post the output of this command:
Code:
cat /proc/sys/net/ipv4/ip_forward
 
Old 03-22-2010, 09:44 PM   #8
Winanjaya
Member
 
Registered: Sep 2003
Posts: 209

Original Poster
Rep: Reputation: 32
the result is 1
any idea?
 
Old 03-22-2010, 09:44 PM   #9
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Okay, what about the output of these:
Code:
iptables -nvL FORWARD
Code:
iptables -nvL -t nat
 
Old 03-22-2010, 10:03 PM   #10
Winanjaya
Member
 
Registered: Sep 2003
Posts: 209

Original Poster
Rep: Reputation: 32
[root@firewall ~]# cat /proc/sys/net/ipv4/ip_forward
1


[root@firewall ~]# iptables -nvL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0


[root@firewall ~]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 390 packets, 28481 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 202.a.b.c1 tcp dpt:25 to:172.16.1.69:25
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 202.a.b.c1 tcp dpt:110 to:172.16.1.69:110


Chain POSTROUTING (policy ACCEPT 13 packets, 1219 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 13 packets, 1219 bytes)
pkts bytes target prot opt in out source destination
 
Old 03-22-2010, 10:09 PM   #11
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
You don't have a POSTROUTING rule.
 
Old 03-22-2010, 10:12 PM   #12
Winanjaya
Member
 
Registered: Sep 2003
Posts: 209

Original Poster
Rep: Reputation: 32
What should I put there regarding my NAT?
 
Old 03-22-2010, 10:14 PM   #13
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 
Old 03-22-2010, 10:24 PM   #14
Winanjaya
Member
 
Registered: Sep 2003
Posts: 209

Original Poster
Rep: Reputation: 32
Still not working ;<( .. is it a routing problem?

[root@firewall ~]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 390 packets, 28481 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 202.a.b.c1 tcp dpt:25 to:172.16.1.69:25
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 202.a.b.c1 tcp dpt:110 to:172.16.1.69:110

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
 
Old 03-22-2010, 10:28 PM   #15
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Can you post output of the next command, please:
iptables-save
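
Added example, not part of the original thread: the `iptables -nvL -t nat` listings posted above carry a per-rule packet counter in the pkts column, and a rule showing 0 has not matched any packet since it was added or its counters were zeroed. The script below filters such a listing down to the rules that have never matched; the function names and the sample listing are constructed for illustration, and it assumes the standard `-nvL` column order with a target present on every rule.

```shell
#!/bin/sh
# Added example: report NAT rules whose packet counter is still zero.
# On a real host: iptables -nvL -t nat | unhit_nat_rules

# Constructed sample listing (documentation addresses, not the thread's values).
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 390 packets, 28481 bytes)
 pkts bytes target     prot opt in   out  source     destination
    0     0 DNAT       tcp  --  eth0 *    0.0.0.0/0  203.0.113.10  tcp dpt:25 to:172.16.1.169:25
   12   720 DNAT       tcp  --  eth0 *    0.0.0.0/0  203.0.113.10  tcp dpt:110 to:172.16.1.169:110

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in   out  source     destination
    0     0 MASQUERADE all  --  *    eth0 0.0.0.0/0  0.0.0.0/0
EOF
}

# Print one line per rule that has matched no packets:
#   <chain> <target> in=<if> out=<if> dst=<addr> <match/target options>
unhit_nat_rules() {
    awk '
        $1 == "Chain"           { chain = $2; next }  # track current chain
        $1 == "pkts" || NF == 0 { next }              # column header, blank line
        $1 == "0" {                                   # pkts column is exactly 0
            extra = ""
            for (i = 10; i <= NF; i++) extra = extra " " $i
            printf "%s %s in=%s out=%s dst=%s%s\n", chain, $3, $6, $7, $9, extra
        }
    '
}

# Number of unhit rules in the chain named by $1 (for example PREROUTING).
unhit_count() {
    unhit_nat_rules | awk -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

sample_listing | unhit_nat_rules
```

A DNAT rule that stays in this output after a test connection from outside means the packet never matched the rule's interface, destination address, protocol and port, so those four fields are the first thing to compare against the traffic actually arriving.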
 
  


All times are GMT -5.