12-12-2005, 08:24 PM | #1
Member | Registered: Apr 2003 | Location: Vail, CO | Posts: 73
iptables 1 to 1 DNAT routing problem
Hi there,
I have one-to-one DNAT routing working well, up to a point. The computers can connect to each other through their public IP addresses when they need to, and they see the public IP as the source when this happens, not the private one. The problem I am having is when I try to connect to the actual Linux server using its public IP from inside my network. The Linux server sees the private IP, not the public one, when I try this. For example, let's say the server is on 65.23.45.2 on eth0 (not including the other public IPs aliased) and the network on eth1 is 10.222.4.0/24. I have a one-to-one DNAT map of the public IP addresses to private ones, so if I ping 65.23.45.4 from one computer on the internal network to 65.23.45.3, they both see each other using the public IP as if they were directly connected to the internet. If I try and connect to 65.24.45.2, which is my Linux server, it sees the private IP from my internal host, which for example would be 10.222.4.5, rather than 65.23.45.3.
I have a reason for wanting the Linux server to respond by its public IP rather than the private one from inside my network. One of these is getting Steam to work when I run a public Counter-Strike Source server on that same Linux server. It works fine on normal NAT but not one-to-one mapping. I searched the Steam forums and found this.
quote from steampowered forums:
{
The bottom line is that one of these two things must be true:
a. The IP that the Game Server sees you connecting from is the same IP that the Steam network sees you connecting from, or
b. It must appear to Steam that your Client and the Game Server are using the same IP (you are both behind the same NAT).
If you are unable to meet these requirements then your network will be incompatible with Steam.
}
Option b there works when I have normal NAT because Steam sees both the server and the client on the same public IP.
I need to be able to use option a. The problem is that the Steam auth sees my IP as 65.23.45.3 and my server sees 10.222.4.5, which does not match, so it drops me. I need the server to see 65.23.45.3 so it can work, and not 10.222.4.5.
If you guys have any ideas, please let me know. I've been tinkering with iptables all day trying to figure out how to change the source address before my Counter-Strike server sees it, so that it thinks it's coming from 65.23.45.3, for example, and not 10.222.4.5.
Here is a copy/paste of what I have on my nat tables:
Chain PREROUTING (policy ACCEPT 652K packets, 39M bytes)
pkts bytes target prot opt in out  source         destination
1498  118K DNAT   all  --  *  *    0.0.0.0/0      82.165.145.140 to:10.216.228.216
 399 28974 DNAT   all  --  *  *    0.0.0.0/0      82.165.145.141 to:10.216.228.232
 295 16676 DNAT   all  --  *  *    0.0.0.0/0      82.165.145.165 to:10.216.228.217

Chain POSTROUTING (policy ACCEPT 46883 packets, 2861K bytes)
pkts bytes target prot opt in out  source         destination
5132  272K SNAT   all  --  *  *    10.216.228.217 0.0.0.0/0      to:82.165.145.165
   0     0 SNAT   all  --  *  *    10.216.228.232 0.0.0.0/0      to:82.165.145.141
2017  106K SNAT   all  --  *  *    10.216.228.216 0.0.0.0/0      to:82.165.145.140
 306 17981 SNAT   all  --  *  eth0 0.0.0.0/0      0.0.0.0/0      to:82.165.183.194

Chain OUTPUT (policy ACCEPT 51598 packets, 2832K bytes)
pkts bytes target prot opt in out  source         destination
 619 26202 DNAT   all  --  *  *    0.0.0.0/0      82.165.145.140 to:10.216.228.216
  11   812 DNAT   all  --  *  *    0.0.0.0/0      82.165.145.165 to:10.216.228.217
   3   252 DNAT   all  --  *  *    0.0.0.0/0      82.165.145.141 to:10.216.228.232
These IPs are different than the examples I gave.
Thank you,
MarleyGPN
Last edited by MarleyGPN; 12-12-2005 at 08:25 PM.
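
Added example (not part of the original post and not the poster's firewall script): a simplified Python model of how a packet passes the nat rules listed above, showing that a packet addressed to the router itself is delivered through INPUT and never reaches the POSTROUTING SNAT rules. It assumes 82.165.183.194 is the server's own address and that 10.216.228.x sits behind eth1; neither is stated in the post.

```python
# Added illustration, not real iptables: a simplified model of the nat hooks
# loaded with the rules from the listing above. Connection tracking, reply
# translation and the filter table are left out.

DNAT = {  # PREROUTING rules: public destination -> private host
    "82.165.145.140": "10.216.228.216",
    "82.165.145.141": "10.216.228.232",
    "82.165.145.165": "10.216.228.217",
}
SNAT = {priv: pub for pub, priv in DNAT.items()}  # POSTROUTING 1:1 rules
CATCH_ALL = "82.165.183.194"    # POSTROUTING rule with out=eth0
LOCAL = {"82.165.183.194"}      # assumption: the server's own eth0 address
INSIDE_PREFIX = "10.216.228."   # assumption: the private network behind eth1


def traverse(src, dst):
    """Return (chain, src, dst) as the receiving side sees the packet."""
    dst = DNAT.get(dst, dst)                 # PREROUTING: rewrite destination
    if dst in LOCAL:                         # routing decision: local delivery
        return ("INPUT", src, dst)           # POSTROUTING is never traversed
    if src in SNAT:                          # POSTROUTING: first match wins
        src = SNAT[src]
    elif not dst.startswith(INSIDE_PREFIX):  # leaving through eth0
        src = CATCH_ALL
    return ("FORWARD", src, dst)


def demo():
    """Constructed sample packets: (description, source, destination)."""
    cases = [
        ("inside host to a mapped public IP", "10.216.228.217", "82.165.145.140"),
        ("inside host to the server itself", "10.216.228.217", "82.165.183.194"),
        ("outside host to a mapped public IP", "203.0.113.9", "82.165.145.141"),
    ]
    return [(text, *traverse(src, dst)) for text, src, dst in cases]


if __name__ == "__main__":
    for text, chain, src, dst in demo():
        print(f"{text:36} {chain:8} src={src:15} dst={dst}")
```

The second case reproduces the symptom in the post: the forwarded packet arrives with the mapped public source, while the packet for the server itself keeps its private source.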

12-12-2005, 08:53 PM | #2
LQ Guru | Registered: Jan 2003 | Location: Seymour, Indiana | Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu | Posts: 5,700

12-12-2005, 10:19 PM | #3
Member | Registered: Apr 2003 | Location: Vail, CO | Posts: 73 | Original Poster
I came across that before and tried it. I just can't figure out how to fit that with my scenario. I've been playing with it but Steam still sees the internal IPs rather than the external ones.

12-13-2005, 05:24 PM | #4
LQ Guru | Registered: Jan 2003 | Location: Seymour, Indiana | Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu | Posts: 5,700
Post iptables script.
Brian1

All times are GMT -5.