LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page [SOLVED] NAT question: clients preroute with the internal IP
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-08-2010, 04:46 AM   #1
barghota
Member
 
Registered: Jul 2003
Location: Cairo, Egypt
Distribution: CentOS, RHEL, Debian, FreeBSD
Posts: 94

Rep: Reputation: 38
NAT question: clients preroute with the internal IP

Hello folks,

I have a debian box with 2 NICs, on NIC with a public IP and directly connected to the internet, the other NIC is connected to the internal LAN. This box is responsible for firewall and NAT-ing.

I have these set of rules:

Quote:
# iptables-save

... output omited ...
*nat
:PREROUTING ACCEPT [606190:49471309]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [11340:893364]
-A PREROUTING -d my.public.ip.address -j DNAT --to-destination 192.168.0.220
... output omited ...
*filter
:INPUT ACCEPT [227823:212541623]
:FORWARD ACCEPT [24506610:16645789415]
:OUTPUT ACCEPT [13080680:15040350756]
-A FORWARD -d my.public.ip.address -j ACCEPT
... output omited ...
Which DNAT anything coming to the specified public IP address to the internal server.

The issue I am facing is that when a host from the internet tries to connect to this NAT-ted server, the client's IP for that host is the internal IP address of my debian box; But I want the client's IP to appear the real client's IP address.

Anyone have any ideas how to fix this issue?

Any advice is very much appreciated.
 
Old 12-08-2010, 05:02 AM   #2
barghota
Member
 
Registered: Jul 2003
Location: Cairo, Egypt
Distribution: CentOS, RHEL, Debian, FreeBSD
Posts: 94

Original Poster
Rep: Reputation: 38
Never mind, I found the default policy of POSTROUTING to be masquerade, which means all forwarded packets will appear to come from the masquerading host.

Issue fixed...
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
pptp multiple clients behind iptables nat saf Linux - Networking 4 08-06-2012 02:43 PM
problem with offline files on NAT clients latenights Linux - Networking 0 12-01-2008 11:09 AM
newbie cant connect to clients VPN through my NAT. wachaca Linux - Networking 7 11-26-2008 08:32 AM
Clients not working properly with NAT bratch Linux - Networking 1 07-29-2007 01:53 PM
blocking some port for NAT clients freelinuxcpp Linux - Networking 2 02-14-2004 05:06 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:46 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration