IPTables Help

cedricd · 01-04-2009, 11:20 PM

I am running Ubuntu 8.04, and how I want it is so that if any computer connects to the server on 10.20.117.x:445 it will forward it to 74.125.45.111:465 using <Server's IP> which is a public interface.

Any thoughts/ideas?

Code:

iptables -t nat -A PREROUTING  -p tcp -d 10.20.117.x --destination-port 465 -j DNAT --to-destination 74.125.45.111:465
iptables -t nat -A POSTROUTING -p tcp --dst 74.125.45.111 --dport 465 -j SNAT --to-source <Server's IP>
iptables -A FORWARD -p tcp -d 74.125.45.111 --dport 465 -j ACCEPT

blackhole54 · 01-05-2009, 07:52 AM

With a couple of changes (highlighted in bold below) to you first rule, I think that should work assuming that your routing table directs a destination of 74.125.45.111 out the interface you wish:

Code:

iptables -t nat -A PREROUTING  -p tcp -d 10.20.117.0/24 --destination-port 445 -j DNAT --to-destination 74.125.45.111:465

If you wish you can make your second rule more general where it will SNAT all LAN packets going out the public interface. In most cases this is what you would want:

Code:

LAN_IP=10.0.0.0/8
PUBLIC_IF=<public interface, e.g. eth1>
PUBLIC_IP=<Server's IP>

iptables -t nat -A POSTROUTING -s $LAN_IP -o $PUBLIC_IF -j SNAT --to-source $PUBLIC_IP

Adjust $LAN_IP, $PUBLIC_IF and $PUBLIC_IP as needed.

If you are unfamiliar with CIDR notation, you can read about it here. In a nutshell (quoting from the linked page):

Quote:

In CIDR notation, the number of 1.s in the binary version of the mask are counted from the left, and that number is appended to the end of the base address following a slash (/). In the example here the subnet would be listed in CIDR notation as 192.168.1.0/24.

cedricd · 01-05-2009, 11:07 PM

Thanks