LinuxQuestions.org
Old 05-19-2009, 05:54 AM   #1
atta.memon@gmail.com
LQ Newbie
 
Registered: May 2009
Posts: 1

Rep: Reputation: 0
DNAT rule not working for private IP.


Hi All,

What I am trying to do is map a public IP to a private one. My network structure is:

A firewall which has two IPs,

eth0: 10.0.0.1
eth1: 115.186.133.53

and a web server

eth0: 124.109.44.158
eth1: 10.0.0.10


What I want is that when anyone accesses the public IP of the firewall, which is
"115.186.133.53", it should map to the private IP of the webserver, "10.0.0.10",
where the webserver is already configured.

Note: I have done this with public IPs, meaning I have mapped them 115.186.133.53 -> 124.109.44.158 successfully, so what is the problem with private?


Firewall OS: Ubuntu
Webserver OS: RedHat



Code I have applied:
sudo iptables -A FORWARD -d 10.0.0.10 -p tcp --dport 80 -j ACCEPT
sudo iptables -A FORWARD -d 10.0.0.10 -p tcp --dport 8080 -j ACCEPT

sudo ip route add nat 115.186.133.53 via 10.0.0.10
sudo ip rule add nat 115.186.133.53 from 10.0.0.10

ip route add nat 205.254.211.17 via 192.168.100.17
ip rule add nat 205.254.211.17 from 192.168.100.17

sudo iptables -t nat -A PREROUTING -i eth1 -d 115.186.133.53 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.10:8080


Can anyone help? Your help will be highly appreciated. Thanks in advance.

Regards,
Atta

Last edited by atta.memon@gmail.com; 05-19-2009 at 06:04 AM.
 
Old 05-20-2009, 08:56 PM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
I have never specified nat with the ip command and don't really know what it does. But I have DNATed before and have never needed such a thing. Your DNAT command looks right to me and I would think it should be sufficient by itself ... assuming the return packets from the Webserver are sent back through the firewall. You can do this either by having the routing table of the webserver send Internet bound packets to your firewall or you can (in addition to DNAT) SNAT the incoming packets such that they appear to be coming from the firewall.

I've tried skimming the ip man page to find out what nat does. Perhaps that is intended for doing the SNAT I mentioned? You can certainly accomplish an SNAT with a rule in iptables' POSTROUTING chain. I also found this in the ip man page and wonder whether it is relevant. (The emphasis is mine.)

Code:
               nat  - a special NAT route.  Destinations covered by the prefix
               are considered  to  be  dummy  (or  external)  addresses  which
               require  translation to real (or internal) ones before forward‐
               ing.  The addresses to  translate  to  are  selected  with  the
               attribute  Warning:  Route  NAT is no longer supported in Linux
               2.6.
I realize this post is a bit rambling, but I hope it helps anyway.
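The DNAT-plus-SNAT variant described in the reply above, written out for the addresses and interfaces given in the question; this is an added example, not code from either poster. It assumes the web server's default route leaves through its own public interface, so replies would otherwise bypass the firewall; `DRY_RUN`, `run` and `apply_dnat_rules` are names made up for this sketch.

```shell
#!/bin/sh
# Added example. DRY_RUN=1 (the default here) prints each command instead of
# running it, so the rule set can be reviewed before it touches the firewall.
DRY_RUN="${DRY_RUN:-1}"

PUB_IF=eth1             # firewall public interface (from the question)
LAN_IF=eth0             # firewall private interface (from the question)
PUB_IP=115.186.133.53   # firewall public address
FW_LAN_IP=10.0.0.1      # firewall private address
WEB_IP=10.0.0.10        # web server private address
WEB_PORT=8080           # port targeted by the DNAT rule in the question

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

apply_dnat_rules() {
    # The firewall has to route between its two interfaces at all.
    run sysctl -w net.ipv4.ip_forward=1

    # Rewrite the destination before the routing decision is made.
    run iptables -t nat -A PREROUTING -i "$PUB_IF" -d "$PUB_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_IP:$WEB_PORT"

    # FORWARD sees the packet after DNAT, so it matches 10.0.0.10:8080, not :80.
    run iptables -A FORWARD -i "$PUB_IF" -o "$LAN_IF" -d "$WEB_IP" -p tcp \
        --dport "$WEB_PORT" -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$PUB_IF" -s "$WEB_IP" -p tcp \
        --sport "$WEB_PORT" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Make the request appear to come from the firewall, so the web server
    # answers to 10.0.0.1 and the reply is un-NATed on its way back out.
    run iptables -t nat -A POSTROUTING -o "$LAN_IF" -d "$WEB_IP" -p tcp \
        --dport "$WEB_PORT" -j SNAT --to-source "$FW_LAN_IP"
}

apply_dnat_rules
```

With the SNAT rule in place the web server's access log records 10.0.0.1 as the client for every request. Routing the web server's Internet-bound replies through 10.0.0.1 instead, the other option the reply mentions, keeps the real client address visible.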
 
  


All times are GMT -5. The time now is 10:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration