IPTables NAT to Windows Machine, not working when forwarding source IP

h02 · 04-09-2012, 02:47 PM

I currently have a linux machine with two interfaces - eth1 (public) eth0 (private) - and a windows machine with a private interface and a service bound to it.

I have NAT setup to forward from the linux machine to the windows machines private interface.

Here is my current iptables:

Quote:

iptables -F
iptables -t nat -F
iptables -t mangle -F

iptables -X
iptables -t nat -X
iptables -t mangle -X

iptables -A FORWARD -i eth0 -j ACCEPT

iptables -t nat -A PREROUTING -i eth1 -d 216.245.192.38 -j DNAT --to-destination 10.4.11.54
iptables -A FORWARD -p udp -m multiport --dports 7777,7778 -j ACCEPT

The windows server is configured to use the linux machine as a gateway.

Currently the windows server is succsesfully receiving the packets, and it is attempting to send a reply, but the linux machine is not receiving the reply from the windows machine.

When i used this:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Everything worked, but it forwarded the linux servers private IP and not the original source public IP. I am trying to get it to work forwarding the public IP to the windows server.

Any help would be appreciated!

nikmit · 04-11-2012, 03:24 AM

Since the packets are getting all the way to the windows machine, I assume you have configured the forwarded IP address as a secondary IP on eth1. (you might want to mask it out in your post)

What is the output of iptables -t nat -L -v -n and iptables -L -v -n - do all of your rules see traffic?
What is the output of tcpdump -i eth0 host 10.4.11.54?

Nik

h02 · 04-18-2012, 11:32 AM

There was a problem in the datacenter preventing this action on the private LAN, installed a crossover cable and no other problems.