I have an iptables issue; the environment is as follows:
1. Server R - 192.168.0.1 (ext. router), ext IP (202.123.123.1)
2. Server W - 192.168.0.21 (web server)
Server R needs NAT (ipforward).
Server W serves the port forward (port 80) from Server R.
I have successfully set up the prerouting and postrouting via the following iptables command:
/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
But in my web server's log (httpd.access log), all the web requests are recorded with Server R's IP address 192.168.0.1, so I can't get the external IP...
I think it's a postrouting problem, but I can't find the solution even using SNAT (maybe wrong config). I think the MASQUERADE is changing all the source IPs.
Please help!!!
if server R 192.168.0.1 = eth0 and 202.123.123.1 = eth1
I want 192.168.0.1 to be an external guest IP address...
It seems the POSTROUTING is changing the source IP address. I'm using another router for port forwarding, and it can show the external IP address from my web server...
So strange..
You're running what I sent you as a script and as root, correct?
I just ran that script on F11, F13 and CentOS 5 and it works, and I'm currently forwarding from my F13 router to a Windows IIS6 server.
Note I did change to port 443 because my ISP doesn't allow port 80 on the cable modem, so to test the external IP getting through I had to use 443.
Quote from http://www.billauer.co.il/ipmasq-html.html. 14 The wrong way to masquerade
iptables -t nat -A POSTROUTING -j MASQUERADE
This makes masquerading the default policy for any outgoing packet
... including any forwarded packet.
All forwarded packets will appear to come from the masquerading host.
May confuse firewalls
Even worse, may confuse service applications to compromise security
That's why the web redirection is done after running this script. All forwarded packets will appear to come from the masquerading host. So, that's why I only see "192.168.0.1" in all logs..
Even using your script, it still fails.
Is it a routing problem?
Quote:
Originally Posted by leosophy
Service iptables status (Your script)
Code:
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 202.123.123.1 tcp dpt:80 to:192.168.0.21:80
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
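
The nat POSTROUTING rule in the listing above (MASQUERADE, all, 0.0.0.0/0 to 0.0.0.0/0) matches the DNAT-ed port-80 traffic on its way to Server W, which is why the access log only shows 192.168.0.1. The following is an added example, not part of the original thread: it flags source-rewriting rules that have no interface or source match, and contrasts the thread's ruleset with one scoped to the external interface. The rules are constructed samples in `iptables-save` format, and eth1 as the external interface is the assumption made earlier in the thread.

```shell
#!/bin/sh
# Added example: flag nat POSTROUTING rules that rewrite the source address
# of every packet, i.e. MASQUERADE/SNAT with no -o (out interface) and no
# -s (source) match. Input: rules in `iptables-save` format on stdin.
find_unscoped_snat() {
    awk '
        $1 == "-A" && $2 == "POSTROUTING" {
            target = ""; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-o" || $i == "-s") scoped = 1
            }
            if ((target == "MASQUERADE" || target == "SNAT") && !scoped) print
        }
    '
}

# Constructed sample: the ruleset from the thread, as iptables-save would show it.
thread_rules() {
    cat <<'EOF'
-A PREROUTING -d 202.123.123.1/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.21:80
-A POSTROUTING -j MASQUERADE
EOF
}

# Constructed sample: same port forward, masquerading only what leaves via
# the external interface (eth1 is an assumption taken from the thread).
# Packets forwarded inward to 192.168.0.21 leave via eth0, so they no longer
# match and keep the client's source address.
scoped_rules() {
    cat <<'EOF'
-A PREROUTING -d 202.123.123.1/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.21:80
-A POSTROUTING -o eth1 -j MASQUERADE
EOF
}

echo "thread ruleset:"; thread_rules | find_unscoped_snat
echo "scoped ruleset:"; scoped_rules | find_unscoped_snat
```

On a live router, feed it `iptables-save -t nat`. With the scoped rule, Server W's default gateway must be Server R (192.168.0.1) so that replies pass back through the router and have the DNAT reversed.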