How to do NAT in Iptables? ..(IP Public to Internal IP)
I am trying to NAT IP public:Port to Internal IP:Port (202.a.b.c SMTP to 172.16.1.169 SMTP) .. could anybody please help? thanks & regards Winanjaya |
Code:
-A PREROUTING -p udp -m udp --dport 161 -d 202.a.b.c -j DNAT --to-destination 172.16.1.169:161 |
Hi Troop, I tried it like that but it does not work.. (I meant it still cannot be reached from the internet)..
Do I need something in INPUT section? |
Actually, the command should be more like:
Code:
iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 25 -d 202.a.b.c \
EDIT: Oh, don't forget to deal with the returning packets (which must have their IP set back to the public one):
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE |
Hi, thanks, it is still not working. What did I miss? What should I check?
please help thanks & regards |
btw .. I am using eth0 connected to the internet router and eth1 to the switch hub..
eth0 is on 202.a.b.e
eth1 is on 172.16.1.1 |
Post the output of this command:
Code:
cat /proc/sys/net/ipv4/ip_forward |
the result is 1
any idea? |
Okay, what about the output of these:
Code:
iptables -nvL FORWARD
Code:
iptables -nvL -t nat |
[root@firewall ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@firewall ~]# iptables -nvL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
[root@firewall ~]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 390 packets, 28481 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            202.a.b.c1           tcp dpt:25 to:172.16.1.69:25
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            202.a.b.c1           tcp dpt:110 to:172.16.1.69:110
Chain POSTROUTING (policy ACCEPT 13 packets, 1219 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 13 packets, 1219 bytes)
 pkts bytes target     prot opt in     out     source               destination |
You don't have a POSTROUTING rule.
|
What should I put there regarding my NAT?
|
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE |
still not working ;<( .. is it a routing problem?
[root@firewall ~]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 390 packets, 28481 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            202.a.b.c1           tcp dpt:25 to:172.16.1.69:25
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            202.a.b.c1           tcp dpt:110 to:172.16.1.69:110
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination |
Can you post output of the next command, please:
iptables-save |