LinuxQuestions.org

Winanjaya 03-22-2010 07:56 PM

How to do NAT in Iptables? ..(IP Public to Internal IP)
 
How to do NAT in Iptables? ..
I am trying to NAT IP public:Port to Internal IP:Port (202.a.b.c SMTP to 172.16.1.169 SMTP) ..

Could anybody please help?

thanks & regards

Winanjaya

troop 03-22-2010 08:03 PM

Code:

-A PREROUTING -p udp -m udp --dport 161 -d 202.a.b.c -j DNAT --to-destination 172.16.1.169:161

Winanjaya 03-22-2010 08:18 PM

Hi Troop, I tried it like that but it does not work.. (I meant it still cannot be reached from the internet)..
Do I need something in INPUT section?

win32sux 03-22-2010 08:56 PM

Actually, the command should be more like:
Code:

iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 25 -d 202.a.b.c \
-j DNAT --to-destination 172.16.1.169

And no, this wouldn't require anything be done to the INPUT chain. It would only require that IP forwarding be enabled, and that the packet gets sent to ACCEPT somewhere in the FORWARD chain. BTW, I'm moving this to Networking.

EDIT: Oh, don't forget to deal with the returning packets (which must have their IP set back to the public one):
Code:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Winanjaya 03-22-2010 09:23 PM

Hi, thanks, it's still not working. What did I miss? What should I check?
please help
thanks & regards

Winanjaya 03-22-2010 09:25 PM

btw .. I am using eth0 connected to internet router and eth1 to switch hub..

eth0 is on 202.a.b.e
eth1 is on 172.16.1.1

win32sux 03-22-2010 09:34 PM

Post the output of this command:
Code:

cat /proc/sys/net/ipv4/ip_forward

Winanjaya 03-22-2010 09:44 PM

the result is 1
any idea?

win32sux 03-22-2010 09:44 PM

Okay, what about the output of these:
Code:

iptables -nvL FORWARD

Code:

iptables -nvL -t nat

Winanjaya 03-22-2010 10:03 PM

[root@firewall ~]# cat /proc/sys/net/ipv4/ip_forward
1

[root@firewall ~]# iptables -nvL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

[root@firewall ~]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 390 packets, 28481 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            202.a.b.c1           tcp dpt:25 to:172.16.1.69:25
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            202.a.b.c1           tcp dpt:110 to:172.16.1.69:110

Chain POSTROUTING (policy ACCEPT 13 packets, 1219 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 13 packets, 1219 bytes)
 pkts bytes target     prot opt in     out     source               destination

win32sux 03-22-2010 10:09 PM

You don't have a POSTROUTING rule.

Winanjaya 03-22-2010 10:12 PM

What should I put there regarding my NAT?

win32sux 03-22-2010 10:14 PM

Code:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Winanjaya 03-22-2010 10:24 PM

Still not working ;<( .. Is it a routing problem?

[root@firewall ~]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 390 packets, 28481 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            202.a.b.c1           tcp dpt:25 to:172.16.1.69:25
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            202.a.b.c1           tcp dpt:110 to:172.16.1.69:110

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

nimnull22 03-22-2010 10:28 PM

Can you post the output of the next command, please:
iptables-save
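
Added example, not part of the thread and not any poster's code: the by-eye reading of the "iptables -nvL -t nat" listings above, done as a script that flags DNAT rules whose packet counter is 0 and reports whether POSTROUTING holds a source-NAT rule. The helper name nat_check, its report wording and the sample listing (documentation address 203.0.113.10) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). nat_check is a hypothetical helper:
# it reads `iptables -nvL -t nat` output on stdin and reports DNAT rules
# whose packet counter is 0 and whether POSTROUTING holds a source-NAT rule.
nat_check() {
    awk '
        $1 == "Chain" { chain = $2; next }      # remember the current chain
        NF == 0 || $1 == "pkts" { next }        # skip blank and header lines
        # Columns: pkts bytes target prot opt in out source destination ...
        chain == "PREROUTING" && $3 == "DNAT" {
            dnat++
            if ($1 == "0") {                    # no packet has matched yet
                unhit++
                printf "UNHIT DNAT in=%s dst=%s %s\n", $6, $9, $NF
            }
        }
        chain == "POSTROUTING" && ($3 == "MASQUERADE" || $3 == "SNAT") { snat++ }
        END {
            printf "SUMMARY dnat=%d unhit=%d snat=%d\n", dnat, unhit, snat
            if (dnat == 0)  print "FINDING PREROUTING has no DNAT rule"
            if (unhit > 0)  print "FINDING " unhit " DNAT rule(s) never matched a packet"
            if (snat == 0)  print "FINDING POSTROUTING has no SNAT/MASQUERADE rule"
        }'
}

# Constructed sample listing (documentation address 203.0.113.10), shaped
# like the output posted in the thread; not captured from a real host.
sample_nat_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 390 packets, 28481 bytes)
 pkts bytes target prot opt in   out source    destination
    0     0 DNAT   tcp  --  eth0 *   0.0.0.0/0 203.0.113.10 tcp dpt:25 to:172.16.1.169:25
   42  2520 DNAT   tcp  --  eth0 *   0.0.0.0/0 203.0.113.10 tcp dpt:110 to:172.16.1.169:110

Chain POSTROUTING (policy ACCEPT 13 packets, 1219 bytes)
 pkts bytes target prot opt in   out source    destination
EOF
}

# On a live firewall: iptables -nvL -t nat | nat_check
sample_nat_listing | nat_check
```

The nat table is consulted only for the first packet of each connection, so a DNAT counter counts connection attempts, not packets; a counter still at 0 after a test from outside means no packet matched that rule's interface, destination address and port since the counters were last reset.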


All times are GMT -5.