iptables port forwarding

DoDo1975 · 06-01-2007, 01:58 PM

Hi,

I am trying to use iptables to forward ftp protocol through my NAT box but I am worried about what happens with DHCP. I have a startup script:

/sbin/iptables -t nat -A PREROUTING -p $proto -d XXX.XXX.XXX.XXX --dport $low:$high -j DNAT --to-destination $ip
/sbin/iptables -t nat -A OUTPUT -p $proto -d XXX.XXX.XXX.XXX --dport $low:$high -j DNAT --to-destination $ip

The problem being that when my WAN interface is setup to use dhcp, the script may run before there is an IP. I have tried replacing the IP with the interface name, but I am unsure how this will affect the forward? Can someone help?

FMC · 06-03-2007, 11:17 AM

You can write a script to first find a DHCP server, configure the interface and just create the rules when the IP is up.

But if you change IP by interface it will probably work too, this is the best way and I can see no problem with it, just try out!

[]'s, FMC!