LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 03-07-2003, 11:59 AM   #1
renmo
LQ Newbie
 
Registered: Mar 2003
Location: Arkansas
Distribution: Debian/Sarge
Posts: 7

Rep: Reputation: 0
Angry Iptables/DNAT not working! I'm going insane!


Basically, trying to DNAT or forward incoming http requests to another box. It isn't working! I've tried it at work to go from one box to another on our internal LAN and tried it at home coming in over my Linux firewall/masq box. I've also tried REDIRECT for transparent proxying on another box and it doesn't work either.

I'm running Debian Woody/Stable and iptables v1.2.6a. I only have one nic in the box I want to DNAT on. I've got all the chains' policies set to ACCEPT.

I simply try and add the following:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 172.31.1.3:80

This doesn't work. I've also tried a simliar forwarding policy and that doesn't work either.

Anyone have any ideas? I know I don't really need to DNAT an internal to internal connection, but it should work right? I've tried about every different syntax style I have found on the different msg boards and no luck. Is there something I'm missing? I have every netfiltering module in the kernel added and have checked and all the other features of netfilters, like ip masquerading, are working.

Thanks,
Ryan
 
Old 03-07-2003, 01:40 PM   #2
ehedman
Member
 
Registered: Jan 2003
Location: Wisconsin, USA
Distribution: Rehat 7.3
Posts: 31

Rep: Reputation: 15
I don't know if this helps, but I had a similar problem with iptables and allowing telnet access to to a redhat 7.3 server I had installed from CDs from a redhat book. I finally bought a PC with redhat preinstalled. I did the same exact setup of iptables on the new PC. It worked fine. Something else may just be missing from your Linux install. I never found a way to determine what was missing.
 
Old 03-07-2003, 01:53 PM   #3
renmo
LQ Newbie
 
Registered: Mar 2003
Location: Arkansas
Distribution: Debian/Sarge
Posts: 7

Original Poster
Rep: Reputation: 0
I might clarify something or also ask these additional questions. Lets assume all my syntax is correct. Then maybe it's a package i haven't installed or.. another theory is maybe you can't NAT with only 1 nic ?? That wouldn't make since, but it's the only other things I can thing of.

I have the iptables and ipmasq packages installed. The ipmasq will override my iptables rules at bootup (easily fixed) and I've gone to manually flush them. I'm also not quite sure what the ipmasq package has that's needed to masquerade other than iptables, thinking that iptables had masq modules??

Again, I have no problems forwarding masqueraded packets to my internal boxes from the Internet point, but NAT will not work
 
Old 03-07-2003, 05:02 PM   #4
renmo
LQ Newbie
 
Registered: Mar 2003
Location: Arkansas
Distribution: Debian/Sarge
Posts: 7

Original Poster
Rep: Reputation: 0
Problem solved.

A little ignorance goes along ways sometimes. I soon discovered all packets being NAT'd have to be routed through the NAT device. So more or less it has to be your gateway But sometimes you learn more the long way around too.

Thanks for all who read this.

-renmo
 
Old 03-10-2003, 12:36 AM   #5
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Rep: Reputation: 46
Your prerouting statement looks good. Don't forget you need that one + the forward rule+ a postrouting statement to make it fly. It worked for me.
 
Old 05-18-2003, 07:51 AM   #6
royality
LQ Newbie
 
Registered: May 2003
Posts: 5

Rep: Reputation: 0
I have 2 boxes
in 2 different isps one of the boxes ip is
212.68.149.95 this ip is blocked to most of the networks .
another ip is on a second box 192.114.144.120 which is open to the world .
i want to redirect the data from 212.68.149.95 using 192.114.144.120 which is open to the world .
(using the 192.114.144.120 on box 2 as the gateway for box1 so it can access the blocked addresses through it"
what i did is : " iptables -t nat -A PREROUTING -d 212.68.149.95 -j DNAT --to-destination 192.114.144.120 "
i even tried to forward just the tcp on port 80
iptables -t nat -A PREROUTING -p tcp -d 212.68.149.95 --dport 80 -j DNAT --to-destination 192.114.144.120:80 "
but its not working (( can anyone help ....
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables DNAT problem eantoranz Linux - Networking 2 09-12-2006 01:00 PM
iptables DNAT pshepperd Linux - Security 1 05-22-2004 03:56 PM
Iptables DNAT weirdness matta Linux - Networking 3 04-07-2004 03:11 AM
problem about iptables DNAT. zufeng Linux - Security 3 06-19-2003 09:29 AM
iptables DNAT bentz Linux - Networking 15 05-19-2003 01:17 PM


All times are GMT -5. The time now is 08:44 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration