LinuxQuestions.org
Old 11-25-2014, 04:48 AM   #1
hatakeK
LQ Newbie
 
Registered: Nov 2014
Posts: 2

Rep: Reputation: Disabled
Iptables prerouting problem on dynamic ip host


Hi!

I'm trying to set up a firewall/router system between external and internal network. Let's say this system has a static ip-address of 123.123.123.123, and I have a web server on the internal network with a static ip-address of 10.0.1.1. If I wanted to route incoming web requests to this web server, I could do:

Code:
~ iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport http -j DNAT --to-destination 10.0.1.1
But let's say I wanted my firewall/router system to use dynamic ip. How would I then route to my internal web server? For other outgoing traffic from the internal network, I set the rule:

Code:
~ iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j MASQUERADE

If I understand it correctly, both incoming traffic from the external network, and outgoing traffic from the internal network, go through prerouting(?). If so, I would have to make sure that prerouting doesn't route all web traffic from the internal network to the internal web server (like if I removed -d option in above example). I could make sure that the destination ip is that of the firewall/router system, or that the source ip is an external ip. It seems like there should be a simple solution, like MASQUERADE for outgoing postrouting, but I can't find it.
 
Old 11-25-2014, 07:18 AM   #2
hatakeK
LQ Newbie
 
Registered: Nov 2014
Posts: 2

Original Poster
Rep: Reputation: Disabled
And the answer is that I'm using two interfaces, eth0 for the external network, and eth1 for the internal network. I think it would be ok to omit the destination address then. Anyway, using static ip to avoid the problem.
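
The approach the original poster settles on above (matching on the incoming interface instead of the destination address), written out as an added example that is not part of the thread. It assumes eth0 is the external and eth1 the internal interface, as in post #2; the function name `gen_nat_rules` and its argument order are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Emits an iptables-restore "nat" table
# for a router whose external address is dynamic: the DNAT rule matches on
# the ingress interface, so LAN clients browsing external sites (arriving on
# the internal interface) are never redirected to the internal web server.

gen_nat_rules() {
    wan_if=$1 lan_if=$2 lan_net=$3 web_ip=$4

    # Refuse anything that cannot be an interface name, so no stray
    # options or rule text can end up in the generated ruleset.
    for ifname in "$wan_if" "$lan_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    # Same for the IPv4 network and the web server address.
    for addr in "$lan_net" "$web_ip"; do
        case $addr in
            ''|*[!0-9./]*) echo "bad address: $addr" >&2; return 1 ;;
        esac
    done
    # With one interface for both sides, "-i" could not tell inbound
    # requests from outbound LAN traffic, and the DNAT would hit both.
    if [ "$wan_if" = "$lan_if" ]; then
        echo "external and internal interface must differ" >&2
        return 1
    fi

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $wan_if -p tcp --dport 80 -j DNAT --to-destination $web_ip
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for the thread's layout. To load it (as root):
#   gen_nat_rules eth0 eth1 10.0.1.0/24 10.0.1.1 | iptables-restore
gen_nat_rules eth0 eth1 10.0.1.0/24 10.0.1.1
```

The filter table's FORWARD chain must still permit the forwarded connections to 10.0.1.1; this example covers the nat table only.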
 
  

