Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
10-03-2011, 05:04 PM
|
#1
|
LQ Newbie
Registered: Oct 2011
Posts: 6
Rep:
|
How to change the target IP address using IPTables
I have a special situation where I need to change (mangle?) the target (destination) IP address for connections originating on an Ubuntu 11 host.
The idea is that if I browse, ssh, or ping, say 1.1.1.1, I really want it to go to 2.2.2.2.
On the hose itself I have just one rule:
iptables -t nat -A OUTPUT -d 1.1.1.1 -j DNAT --to 2.2.2.2
However, this does not work. I know I've done something like this before and it wasn't that hard. But this time I just can't get it to work nor can I find the answers.
Thanks for your help!
|
|
|
10-03-2011, 05:16 PM
|
#2
|
Member
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854
Rep:
|
|
|
|
10-03-2011, 05:41 PM
|
#3
|
LQ Newbie
Registered: Oct 2011
Posts: 6
Original Poster
Rep:
|
My bad, I meant to say I entered:
iptables -t nat -A PREROUTING -d 1.1.1.1 -j DNAT --to 2.2.2.2
I tried lots of other stuff and pasted in the wrong thing previously.
|
|
|
10-04-2011, 03:40 AM
|
#4
|
Member
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854
Rep:
|
Can you explain the network in a bit more detail?
Which machine are you putting the rule on? are there other rules getting in the way? ie: you probably need a rule in forward to accept the traffic.
Does the either of the machines have other rules preventing it from working?
Is there a router or something in between the two causing problems?
Whats in the logs?
Perhaps try being more specific with the rule ie:
-t nat -A PREROUTING -i $inIF -o $outIF -p tcp -m multiport --dports 22,80,etc -j DNAT --to-destination 2.2.2.2
|
|
|
10-04-2011, 11:56 AM
|
#5
|
LQ Newbie
Registered: Oct 2011
Posts: 6
Original Poster
Rep:
|
Thanks for your input fukawi1.
This is on a laptop running Ubuntu 11, not a server. It is not acting as a router. There are no other rules. It couldn't be simpler.
I realize reading the man pages and such that this seems to be for a routing (net.ipv4.conf.all.forwarding = 1), but I want iptables on this host to mangle its own destination IP from 1.1.1.1 to 2.2.2.2.
The situation is something like this, but not quite. Say you have a website at 2.2.2.2, but there are links in the html that, instead of providing a relative reference, specify the IP address incorrectly as 1.1.1.1. Well, the links won't work because the IP is wrong. But if I fake my developers laptop out to go to 2.2.2.2 whenever 1.1.1.1 is specified then it will work. This isn't the real scenario, but gives you the idea.
The thing is, I did this years ago for another situation. It may be that they way iptables works has changed since then. Or maybe I actually did it on a server acting as a linux router. But it seems like this should be able to be done on a host.
---------- Post added 10-04-11 at 11:57 AM ----------
Oh, and I tried specifying protocol, etc. It still didn't work.
Thanks.
|
|
|
10-04-2011, 09:40 PM
|
#6
|
Member
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854
Rep:
|
Well im out, i cant visualise the scenario clearly, and im the type that needs to be able to do draw a mental image of whats happening.
I havent done much with iptables on a host of its own, only on a router.
Sorry pal.
|
|
|
10-04-2011, 09:54 PM
|
#7
|
LQ Newbie
Registered: Oct 2011
Posts: 6
Original Poster
Rep:
|
Thanks for trying.
|
|
|
All times are GMT -5. The time now is 10:35 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|