Old 12-12-2005, 08:24 PM   #1
MarleyGPN
iptables 1 to 1 DNAT routing problem


Hi there,

I have one-to-one DNAT routing working well, up to a point. The computers can connect to each other through their public IP addresses when they need to, and they see the public IP as source when this happens, not the private one. The problem I am having is when I try to connect to the actual Linux server using its public IP from inside my network. The Linux server sees the private IP, not the public one, when I try this. For example, let's say the server is on 65.23.45.2 on eth0 (not including the other public IPs aliased) and the network on eth1 is 10.222.4.0/24. I have a one-to-one DNAT map of the public IP addresses to private ones, so if I ping 65.23.45.4 from one computer on the internal network to 65.23.45.3, they both see each other using the public IP as if they were directly connected to the internet. If I try to connect to 65.24.45.2, which is my Linux server, it sees the private IP from my internal host, which for example would be 10.222.4.5 rather than 65.23.45.3.

I have a reason for wanting the Linux server to respond by its public IP rather than private one from inside my network. One of these is getting Steam to work when I run a public Counter-Strike Source server on that same Linux server. It works fine on normal NAT but not one-to-one mapping. I searched the Steam forums and found this.

quote from steampowered forums:
{
The bottom line is that one of these two things must be true:

a. The IP that the Game Server sees you connecting from is the same IP that the Steam network sees you connecting from, or

b. It must appear to Steam that your Client and the Game Server are using the same IP (you are both behind the same NAT).

If you are unable to meet these requirements then your network will be incompatible with Steam.
}


Option b there works when I have normal NAT because Steam sees both the server and the client on the same public IP.

I need to be able to use option a. The problem is that the Steam auth sees my IP as 65.23.45.3 and my server sees 10.222.4.5, which does not match, so it drops me. I need the server to see 65.23.45.3 so it can work, and not 10.222.4.5.

If you guys have any ideas, please let me know. I've been tinkering with iptables all day trying to figure out how to change the source address before my Counter-Strike server sees it, so that it thinks it's coming from 65.23.45.3, for example, and not 10.222.4.5.

Here is a copy/paste of what I have on my NAT tables:

Chain PREROUTING (policy ACCEPT 652K packets, 39M bytes)
pkts bytes target prot opt in out source destination
1498 118K DNAT all -- * * 0.0.0.0/0 82.165.145.140 to:10.216.228.216
399 28974 DNAT all -- * * 0.0.0.0/0 82.165.145.141 to:10.216.228.232
295 16676 DNAT all -- * * 0.0.0.0/0 82.165.145.165 to:10.216.228.217

Chain POSTROUTING (policy ACCEPT 46883 packets, 2861K bytes)
pkts bytes target prot opt in out source destination
5132 272K SNAT all -- * * 10.216.228.217 0.0.0.0/0 to:82.165.145.165
0 0 SNAT all -- * * 10.216.228.232 0.0.0.0/0 to:82.165.145.141
2017 106K SNAT all -- * * 10.216.228.216 0.0.0.0/0 to:82.165.145.140
306 17981 SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:82.165.183.194

Chain OUTPUT (policy ACCEPT 51598 packets, 2832K bytes)
pkts bytes target prot opt in out source destination
619 26202 DNAT all -- * * 0.0.0.0/0 82.165.145.140 to:10.216.228.216
11 812 DNAT all -- * * 0.0.0.0/0 82.165.145.165 to:10.216.228.217
3 252 DNAT all -- * * 0.0.0.0/0 82.165.145.141 to:10.216.228.232

These IPs are different than the examples I gave.

Thank you,
MarleyGPN

Last edited by MarleyGPN; 12-12-2005 at 08:25 PM.
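
Added example (not part of the original thread): a simplified Python model of the nat hooks a packet arriving on eth1 passes through, showing why the POSTROUTING SNAT rules never touch traffic addressed to the server itself. It uses the example addresses from the post; the addresses 10.222.4.6 and 10.222.4.1, and the `input_snat` option that models an SNAT rule in the nat table's INPUT chain, are assumptions.

```python
from dataclasses import dataclass, replace

# Addresses follow the example in the post; 10.222.4.6 and 10.222.4.1 are constructed.
LOCAL_ADDRS = {"65.23.45.2", "10.222.4.1"}      # addresses owned by the NAT box itself
ONE_TO_ONE = {"65.23.45.3": "10.222.4.5",       # public -> private 1:1 map
              "65.23.45.4": "10.222.4.6"}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def dnat(pkt, table):
    """Rewrite the destination if it has an entry in the map."""
    return replace(pkt, dst=table.get(pkt.dst, pkt.dst))

def snat(pkt, table):
    """Rewrite the source if it has an entry in the map."""
    return replace(pkt, src=table.get(pkt.src, pkt.src))

def traverse(pkt, input_snat=False):
    """Return (hooks visited, packet as the receiver sees it) for a packet from eth1.

    Simplified: models only the first packet of a connection and only the nat
    hooks; conntrack and the filter table are left out.
    """
    private_to_public = {v: k for k, v in ONE_TO_ONE.items()}
    path = ["PREROUTING"]
    pkt = dnat(pkt, ONE_TO_ONE)                 # nat/PREROUTING: DNAT public -> private
    if pkt.dst in LOCAL_ADDRS:                  # routing decision: local delivery
        path.append("INPUT")                    # POSTROUTING is never reached
        if input_snat:                          # assumed extra rule: SNAT in nat/INPUT
            pkt = snat(pkt, private_to_public)
    else:                                       # routed to another host
        path += ["FORWARD", "POSTROUTING"]
        pkt = snat(pkt, private_to_public)      # nat/POSTROUTING: SNAT private -> public
    return path, pkt

if __name__ == "__main__":
    client = "10.222.4.5"
    for dst, fix in (("65.23.45.4", False), ("65.23.45.2", False), ("65.23.45.2", True)):
        path, seen = traverse(Packet(client, dst), input_snat=fix)
        print(f"to {dst} input_snat={fix}: {' -> '.join(path)}; receiver sees src {seen.src}")
```

The SNAT target is documented as valid in the nat table's POSTROUTING and INPUT chains in current iptables; kernels from the time of this thread only offered it in POSTROUTING.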
 
Old 12-12-2005, 08:53 PM   #2
Brian1
Check out this post. Thanks to Capt. Caveman here.
http://www.linuxquestions.org/questi...26#post1942926
http://www.netfilter.org/documentati...-HOWTO-10.html

Hope this helps.
Brian1
 
Old 12-12-2005, 10:19 PM   #3
MarleyGPN
Original Poster
I came across that before and tried it. I just can't figure out how to fit that with my scenario. I've been playing with it but Steam still sees the internal IPs rather than the external ones.
 
Old 12-13-2005, 05:24 PM   #4
Brian1
Post iptables script.

Brian1
 
  

