LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-18-2012, 10:29 PM   #1
sanjibgupta
Member
 
Registered: Apr 2003
Location: Kolkata
Posts: 215

Rep: Reputation: 30
DNAT help


Hi
I have a RHEL 5.0 server acting a router network which has 4 NIC
NIC1 :10.1.1.1
NIC2 : LIVE IP XXX.YYY.199.1 (XXX.YYY.199.0/24).
NIC3: 192.168.0.1 (connects to the LOCAL LAN PROXY’s)
NIC4: 192.168.15.1 (connects to all servers that are DNAT to LIVE IP from this server and it works fine)

ALL the port are MASQUERADED through NIC1 to the INTERNET

Now I have a LAN PROXY which by itself run network behind itself
i.e RHEL5 server with 2 NIC
NIC1 : 192.168.0.2 having gateway as 192.168.0.1
NIC2 :192.168.10.1 connects to local LAN

I have windows webserver running at port 80 in IP 192.168.10.8 having the gateway as 192.168.10.1

Is it possible to DNAT a live IP XXX.YYY.199.8 to this WINDOWS WEBSERVER (192.168.10.8) to port 80.

Sanjib Gupta
 
Old 02-19-2012, 04:15 PM   #2
TheMadIndian
Member
 
Registered: Dec 2007
Distribution: Fedora Slackware CentOS slax RHEL
Posts: 117

Rep: Reputation: 23
Quote:
Originally Posted by sanjibgupta View Post
Hi
I have a RHEL 5.0 server acting a router network which has 4 NIC
NIC1 :10.1.1.1
NIC2 : LIVE IP XXX.YYY.199.1 (XXX.YYY.199.0/24).
NIC3: 192.168.0.1 (connects to the LOCAL LAN PROXY’s)
NIC4: 192.168.15.1 (connects to all servers that are DNAT to LIVE IP from this server and it works fine)

ALL the port are MASQUERADED through NIC1 to the INTERNET

Now I have a LAN PROXY which by itself run network behind itself
i.e RHEL5 server with 2 NIC
NIC1 : 192.168.0.2 having gateway as 192.168.0.1
NIC2 :192.168.10.1 connects to local LAN

I have windows webserver running at port 80 in IP 192.168.10.8 having the gateway as 192.168.10.1

Is it possible to DNAT a live IP XXX.YYY.199.8 to this WINDOWS WEBSERVER (192.168.10.8) to port 80.

Sanjib Gupta
assuming NIC2 = eth1 also must before any drop rules

iptables -t nat -A PREROUTING -p tcp -i eth1 -d XXX.YYY.199.8 --dport 443 -j DNAT --to-destination 192.168.10.8
 
Old 02-19-2012, 11:31 PM   #3
sanjibgupta
Member
 
Registered: Apr 2003
Location: Kolkata
Posts: 215

Original Poster
Rep: Reputation: 30
Thanks for the reply but where do I use this rule in the 1st Server(4 cards) or the 2nd server (2 NIC)
 
Old 02-20-2012, 02:21 AM   #4
omgs
Member
 
Registered: Dec 2010
Posts: 64

Rep: Reputation: 6
It's plain that according your exposed layout, the *ONLY* server that manages live ips is the "router" (the host with 4 NICS), so putting that rule anywhere else, if ever accepted by iptables, is a wrong assumption, and that's why it should be in this router.

But there's a little "typo" in the iptables rule, because that's for https (port 443), and you want only port 80, so confirm the right NIC and replace the --dport 443 with --dport 80 and it should be fine. Then, don't forget the rule to be loaded with the rest of rules after a reboot.
 
Old 02-20-2012, 05:47 PM   #5
TheMadIndian
Member
 
Registered: Dec 2007
Distribution: Fedora Slackware CentOS slax RHEL
Posts: 117

Rep: Reputation: 23
Quote:
Originally Posted by omgs View Post
It's plain that according your exposed layout, the *ONLY* server that manages live ips is the "router" (the host with 4 NICS), so putting that rule anywhere else, if ever accepted by iptables, is a wrong assumption, and that's why it should be in this router.

But there's a little "typo" in the iptables rule, because that's for https (port 443), and you want only port 80, so confirm the right NIC and replace the --dport 443 with --dport 80 and it should be fine. Then, don't forget the rule to be loaded with the rest of rules after a reboot.
whoops

thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
DNAT sanjibgupta Linux - Newbie 3 12-24-2009 09:54 AM
Iptables and DNAT _TeRmInEt_ Linux - Networking 9 11-24-2009 05:56 PM
Dnat sanjibgupta Linux - Networking 2 04-19-2007 04:56 AM
dnat kapcreations Linux - Networking 1 12-28-2004 04:12 PM
IP Tables DNAT hakcenter Linux - Networking 5 11-02-2003 10:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration