Old 11-25-2014, 04:48 AM   #1
LQ Newbie
Registered: Nov 2014
Posts: 2

Iptables prerouting problem on dynamic ip host


I'm trying to set up a firewall/router system between external and internal network. Let's say this system has a static ip-address of, and I have a web server on the internal network with a static ip-address of If I wanted to route incoming web requests to this web server, I could do:

~ iptables -t nat -A PREROUTING -p tcp -d --dport http -j DNAT --to-destination

But let's say I wanted my firewall/router system to use dynamic ip. How would I then route to my internal web server? For other outgoing traffic from the internal network, I set the rule:

~ iptables -t nat -A POSTROUTING -s -j MASQUERADE

If I understand it correctly, both incoming traffic from the external network, and outgoing traffic from the internal network, go through prerouting(?). If so, I would have to make sure that prerouting doesn't route all web traffic from the internal network to the internal web server (like if I removed -d option in above example). I could make sure that the destination ip is that of the firewall/router system, or that the source ip is an external ip. It seems like there should be a simple solution, like MASQUERADE for outgoing postrouting, but I can't find it.
Old 11-25-2014, 07:18 AM   #2
LQ Newbie
Registered: Nov 2014
Posts: 2

Original Poster
And the answer is that I'm using two interfaces, eth0 for the external network, and eth1 for the internal network. I think it would be ok to omit the destination address then. Anyway, using static ip to avoid the problem.
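
The scoping question from the thread, as an added example that is not part of either post: a PREROUTING DNAT rule that matches on the external interface (`-i eth0`) does not depend on the router's current address, while one with neither `-i` nor `-d` also rewrites web traffic arriving from the internal network. The check below reads `iptables-save` output and prints such unscoped rules; both rulesets and the 192.168.0.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Print nat/PREROUTING DNAT rules that match on neither ingress interface (-i)
# nor destination address (-d). Input: iptables-save format on stdin.
unscoped_dnat() {
    awk '
        /^\*/ { table = substr($0, 2) }          # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" && /-j DNAT/ {
            scoped = 0
            for (i = 3; i <= NF; i++)
                if ($i == "-i" || $i == "--in-interface" ||
                    $i == "-d" || $i == "--destination") scoped = 1
            if (!scoped) print
        }
    '
}

# Constructed sample: DNAT scoped by ingress interface (eth0 = external, as in
# the thread), so it keeps working when the external address changes.
ruleset_by_interface() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.10:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Constructed sample: the same rule with the -d match simply dropped and no -i
# added, which also redirects web requests coming in on eth1.
ruleset_unscoped() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.10:80
-A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
COMMIT
EOF
}

for rs in ruleset_by_interface ruleset_unscoped; do
    echo "$rs: $($rs | unscoped_dnat | wc -l | tr -d ' ') unscoped DNAT rule(s)"
done
```

On a live router the same function can be fed with `iptables-save | unscoped_dnat` (run as root).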

