11-10-2004, 08:52 AM
#1
LQ Newbie
Registered: Nov 2004
Posts: 2
forwarding packets to multiple computers for different ports
Hello,
I'm almost new to Linux.
I have used iptables to forward packets to a Windows machine on my LAN
with the following code:
/sbin/iptables -t nat -A PREROUTING -i eth1 -j DNAT --to-destination 192.168.x.x
where 192.168.x.x is a local LAN computer.
Now I would like to forward packets to different Windows machines on my LAN when I get requests on different ports through the static IP address.
Assuming the static IP to be 194.160.1.1:
when someone requests at 194.160.1.1:port1
it should forward packets to 192.168.0.1;
similarly, a request on 194.160.1.1:port2 should forward packets to 192.168.0.3, and so on.
Thanks.
regards,
Laxy
11-10-2004, 03:31 PM
#2
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
/sbin/iptables -t nat -A PREROUTING -i eth1 -j DNAT -p tcp --dport PORTN --to-destination 192.168.x.N
Where PORTN is the port to be forwarded and 192.168.x.N is the internal computer.
11-10-2004, 03:32 PM
#3
Member
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98
Very interesting question. Sadly iptables is not capable of this. Iptables does not allow for variables, which is what you would need to have set with some conditional logic in the rule itself.
There are plenty of so-called iptables scripts that use variables but these variables are always interpreted by the shell (bash, sh, csh, etc) long before the rule is actually added to iptables, so all iptables ever sees of these variables is the resultant output not the variable itself. <--- Probably confusing. Sorry.
You could write a do loop script that would add THOUSANDS (65,535 to be exact) of individual rules to iptables to do just what you ask... but that would bring your firewall to a screeching halt since it would have to parse all that before allowing a packet.
-b
11-10-2004, 03:46 PM
#4
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
I'm hoping there wasn't intent for THAT many ports. I interpreted the question as one of the syntax of iptables to make it port-based.
11-10-2004, 05:22 PM
#5
Member
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98
Quote:
Originally posted by Matir
I'm hoping there wasn't intent for THAT many ports. I interpreted the question as one of the syntax of iptables to make it port-based.
Hmm.. yeah know.. I don't know. I thought he meant any port when he said "and so on". I could very well be wrong. Course then again if he's saying 192.168.0.1, that being a class c block then the most he could hope for is forwarding from 192.168.0.2 through 254. Long way from all 65k ports eh? Still having 250ish rules would be heck on an even moderately used firewall.
Anyway I still stand by my point that iptables doesn't use variables only the results of variables.
Sorry if I introduced confusion with my confusion. :-)
-b
11-10-2004, 08:57 PM
#6
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Well.... couldn't it be the class B "192.168.0.0/16"? But yes, in either case, it would not be fun for a firewall. Though my firewall has about 100 rules without any noticeable lag. Mostly in the FORWARD and INPUT chains. I guess the whole chain deal helps.
11-11-2004, 08:57 AM
#7
LQ Newbie
Registered: Nov 2004
Posts: 2
Original Poster
Quote:
posted by bignerd...Hmm.. yeah know.. I don't know. I thought he meant any port when he said "and so on".
Quote:
Originally posted by Matir ...I'm hoping there wasn't intent for THAT many ports. I interpreted the question as one of the syntax of iptables to make it port-based.
I am not sure that syntax like
/sbin/iptables -t nat -A PREROUTING -i eth1 -j DNAT -p tcp --dport PORTN --to-destination 192.168.x.N
will help for multiple different ports to forward packets to different LAN computers.
Here is my modified query.
Assuming the static IP to be 194.160.1.1,
let the unique ports be 80, 81, 82.
When someone requests at 194.160.1.1:80, it should forward packets to 192.168.0.1.
When someone requests at 194.160.1.1:81, it should forward packets to 192.168.0.3.
When someone requests at 194.160.1.1:82, it should forward packets to 192.168.0.4.
And the list continues like the above.
If there are some iptables scripts available online, then please guide me to where to find the best one, or any alternative solution for this problem.
Thanks,
regards,
Laxy
Last edited by laxy_m; 11-11-2004 at 09:00 AM.
11-11-2004, 09:15 AM
#8
LQ Guru
Registered: Aug 2003
Location: Sydney, Australia
Distribution: Gentoo
Posts: 1,796
Yes, the DNAT rule will do what you need.
Code:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.0.1
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 81 -j DNAT --to 192.168.0.3
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 82 -j DNAT --to 192.168.0.4
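The per-port DNAT rules in post #8, generated from a port-to-host list, as an added example that is not part of this thread or of iptables itself. It also illustrates bignerd's point from post #3: the shell expands the list before iptables ever sees the arguments, so iptables only receives fixed rules, one per listed port. Assumptions: the WAN interface is eth1 as in the thread, the LAN hosts are the constructed 192.168.0.x addresses from post #7, each service listens on port 80 internally, and net.ipv4.ip_forward is already enabled. The paired FORWARD rule is an added caveat: if the FORWARD chain policy is DROP, the DNAT alone does nothing, and accepting only the forwarded host:port keeps exposure to exactly the listed services (a general ESTABLISHED,RELATED accept for return traffic is assumed to exist already).

```shell
#!/bin/sh
# Added example, not code from the thread. Generates one PREROUTING DNAT rule
# (plus a matching FORWARD accept) per external port from a port->host map.
# Placeholders: WAN interface eth1, constructed 192.168.0.x LAN hosts.

WAN_IF="eth1"
IPT="/sbin/iptables"

# Constructed map: "external_port lan_host lan_port", one entry per line.
PORT_MAP="80 192.168.0.1 80
81 192.168.0.3 80
82 192.168.0.4 80"

# Print (do not run) the two iptables commands for one map entry.
# The shell substitutes every variable here; iptables receives literal values.
dnat_rules_for() {
    ext_port="$1"; lan_host="$2"; lan_port="$3"
    printf '%s -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$IPT" "$WAN_IF" "$ext_port" "$lan_host" "$lan_port"
    # Only the forwarded host:port is accepted, so a DROP policy on FORWARD
    # still blocks everything not listed in the map.
    printf '%s -A FORWARD -i %s -p tcp -d %s --dport %s -m state --state NEW -j ACCEPT\n' \
        "$IPT" "$WAN_IF" "$lan_host" "$lan_port"
}

# Walk the whole map and print every rule; pipe the output to sh to apply it.
gen_dnat_rules() {
    printf '%s\n' "$PORT_MAP" | while read -r ext_port lan_host lan_port; do
        [ -z "$ext_port" ] && continue
        dnat_rules_for "$ext_port" "$lan_host" "$lan_port"
    done
}

# Number of PREROUTING rules the map produces: one per external port.
count_dnat_rules() {
    gen_dnat_rules | grep -c 'PREROUTING'
}

# Default is a dry run that prints the rules; "--apply" feeds them to sh.
if [ "${1:-}" = "--apply" ]; then
    gen_dnat_rules | sh
else
    gen_dnat_rules
fi
```

Run it without arguments first to review the generated rules; adding a new forwarded service is one more line in PORT_MAP rather than a hand-typed rule, which is where the typo in the original post's chain name would otherwise creep in.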