Old 11-10-2003, 02:38 PM   #1
peok
Member
 
Registered: Aug 2003
Location: CA, USA
Distribution: (Almost) LFS 6.1.1
Posts: 91

Rep: Reputation: 15
quick iptables question


This should be pretty basic, just trying to understand iptables here. If I've got:

|Internet|<-->(eth0)|Firewall|(eth1)<-->|Internal Computers|

If I want to get to an internal computer from the internet, won't it be sent to the firewall's IP, making the firewall think it's for itself, not a computer on the internal LAN?

So let's say I was outside the internal LAN, and I wanted to get in to a specific computer, let's say 192.168.1.5 on port 50 via tcp on the eth1 side, but I wanted to get to it by going to eth0 at port 60 via tcp, how would I do this?

Sorry I couldn't get this out of the man pages and tutorials, but it's very confusing to me.
 
Old 11-10-2003, 03:47 PM   #2
Dewar
Member
 
Registered: Sep 2003
Location: Washington State
Distribution: SuSE 8.0, SuSE 9.0, Slack 9.1
Posts: 90

Rep: Reputation: 15
The short answer is putting the following command in a start up script

Code:
iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 60 -j DNAT --to 192.168.1.5:50
Now for the long explanation....

(-t nat): Tells the iptables command that you're looking at the Network Address Translation tables

(-I PREROUTING): Tells the iptables command that you want to insert this command at the start of the PREROUTING section

(-i eth0) Incoming Address for packets

(-p tcp) Protocol

(--dport 60) Destination port on the firewall

(-j DNAT) Do some Destination Network Address Translation

(--to 192.168.1.5:50) Send it to 192.168.1.5 on port 50


Hope that helps

-Derek
 
Old 11-10-2003, 03:51 PM   #3
peok
Member
 
Registered: Aug 2003
Location: CA, USA
Distribution: (Almost) LFS 6.1.1
Posts: 91

Original Poster
Rep: Reputation: 15
Thanks Derek, it does! I think I get it now.
 
Old 11-10-2003, 04:08 PM   #4
peok
Member
 
Registered: Aug 2003
Location: CA, USA
Distribution: (Almost) LFS 6.1.1
Posts: 91

Original Poster
Rep: Reputation: 15
Wait... when a packet comes into the box, does it automatically go to all 3 tables (filter, nat, and mangle), or does it go just to filter?
 
Old 11-11-2003, 02:17 PM   #5
chtthies
LQ Newbie
 
Registered: Nov 2003
Posts: 10

Rep: Reputation: 0
How can I delete this entry?
I have entered it as the example above

[root@bmgarg root]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:110 to:90.0.0.111:110

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 90.0.0.0/8 anywhere to:10.0.0.1


Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@bmgarg root]#
 
Old 11-11-2003, 02:29 PM   #6
warath
Member
 
Registered: Oct 2001
Location: Ontario, Canada
Distribution: Redhat 9
Posts: 43

Rep: Reputation: 15
Use the same rule, but replace the -I (insert) with -D (delete)
 
Old 11-11-2003, 02:34 PM   #7
warath
Member
 
Registered: Oct 2001
Location: Ontario, Canada
Distribution: Redhat 9
Posts: 43

Rep: Reputation: 15
Go here to read about the path a packet takes.
http://www.faqs.org/docs/iptables/tr...goftables.html
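
Added example, not part of the thread or written by any of its posters: a dry-run shell script that prints the full rule set for the port forward discussed above, together with the matching `-D` commands that remove it. It goes beyond the posts by assuming the firewall's FORWARD chain does not already accept this traffic and that IP forwarding is still off; the function names are made up for this example, and the DNAT option is written with its long name `--to-destination`.

```shell
#!/bin/sh
# Prints commands only; nothing is executed. Review the output, then run it as root.
# Interface names, address and ports are the ones used in the thread.
WAN_IF=eth0            # Internet side of the firewall
LAN_IF=eth1            # internal LAN side
EXT_PORT=60            # port the outside client connects to
INT_IP=192.168.1.5     # internal host that receives the connection
INT_PORT=50            # port on the internal host

# Each rule is written once and reused for insert and delete, so that the
# -D command always carries exactly the same specification as the -I command.
dnat_spec() {
    echo "PREROUTING -i $WAN_IF -p tcp --dport $EXT_PORT -j DNAT --to-destination $INT_IP:$INT_PORT"
}

# nat/PREROUTING runs before the routing decision and before filter/FORWARD,
# so the filter rule has to match the rewritten destination (INT_IP:INT_PORT),
# not the port the client originally dialled.
fwd_spec() {
    echo "FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $INT_IP --dport $INT_PORT -j ACCEPT"
}

# Return traffic for connections that are already tracked (assumption: the
# FORWARD chain has no general rule for this yet).
reply_spec() {
    echo "FORWARD -i $LAN_IF -o $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# $1 is the action flag: -I inserts the rule, -D deletes it.
emit_rules() {
    echo "iptables -t nat $1 $(dnat_spec)"
    echo "iptables -t filter $1 $(fwd_spec)"
    echo "iptables -t filter $1 $(reply_spec)"
}

add_forward() {
    echo "sysctl -w net.ipv4.ip_forward=1"   # the firewall must route between eth0 and eth1
    emit_rules -I
}

del_forward() {
    emit_rules -D
}

add_forward
del_forward
```

A rule can also be deleted by position: `iptables -t nat -L PREROUTING -n --line-numbers` shows the index, and `iptables -t nat -D PREROUTING <number>` removes that entry.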
 