Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Greetings,
I'm hoping this is an easy question, as I believe I've already fought through the toughest parts!
Say a private LAN of 10.0.0.X and a public network of 68.10.0.1 through 68.10.0.10, with a dual-homed Linux box at 10.0.0.1 (eth0) and 68.10.0.1 (eth1).
I've added devices eth1:2 through eth1:10 as aliases for the remaining public IPs and have several servers on the private LAN mapped to these public IPs:
For nat:
-A PREROUTING -d 68.10.0.5 -p tcp -m multiport --dports 25,47,80,143,443,444,587,993 -j DNAT --to 10.0.0.20
For filter:
-A FORWARD -p tcp -m multiport -d 10.0.0.20 --dports 25,47,80,143,443,444,587,993 -j ACCEPT
This works great and I have all 10 IPs mapping to their respective private LAN servers.
My question is mainly for mail servers, since these often require reverse DNS resolution (which is registered under their respective 68.10.0.X addresses): the mapped private servers all appear to source from the 68.10.0.1 address rather than from their mapped 68.10.0.X address.
What kind of rule do I need for each server to make it appear to originate from a different public IP? Is there anything that might break from this, as the incoming traffic is filtered only as above?
Any hints, tips or feedback greatly appreciated! Thank you in advance.
Thank you for your speedy reply! The POSTROUTING rule was the missing link.
As this box is also a gateway for LAN users, I already have a topmost rule for
-A POSTROUTING -o eth1 -j MASQUERADE
...so from your example, -A wouldn't work but -I to insert this into the chain seems to do the job:
-I POSTROUTING -s 10.0.0.20 -o eth1 -j SNAT --to 68.10.0.5
Is this a good way to go, or is there a preferred method of re-ordering these rules?
Nah, that should do it. When you run iptables-save (service iptables save), it will write them as -A rules in the file that gets loaded, but they will be in the same order as is currently running.
That is what I did for one of mine. I had the same -j MASQ for "general" client usage and needed to configure 1:1 NAT for an internal host, so I used -I to create the rule above the -j MASQ.
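As an added worked example (not code posted by anyone in this thread), the POSIX shell script below generates an iptables-restore file for the layout discussed above: a PREROUTING DNAT per public IP, a per-host POSTROUTING SNAT for the return address, and the catch-all MASQUERADE placed only after the SNAT rules, plus a matching default-deny FORWARD chain. It assumes the LAN is 10.0.0.0/24 behind eth0 and the WAN is eth1; the 68.10.0.5 to 10.0.0.20 row is the thread's mail server, while the 68.10.0.6 to 10.0.0.21 row, the function names and the restore-file path are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: build an iptables-restore file for
# the 1:1 NAT layout discussed above (DNAT inbound, per-host SNAT outbound,
# catch-all MASQUERADE for the rest of the LAN).
# Assumptions: LAN is 10.0.0.0/24 behind eth0, WAN is eth1; the second
# mapping row (68.10.0.6 -> 10.0.0.21) is a constructed sample.

LAN_IF=eth0
WAN_IF=eth1
LAN_NET=10.0.0.0/24

# One mapping per line: "<public IP> <private IP> <comma-separated TCP ports>".
# The first row is the thread's mail server; the second is a constructed sample.
MAPPINGS='
68.10.0.5 10.0.0.20 25,47,80,143,443,444,587,993
68.10.0.6 10.0.0.21 80,443
'

# nat table: PREROUTING DNAT for each public IP, then POSTROUTING SNAT per
# host, and only after those the catch-all MASQUERADE. POSTROUTING stops at
# the first terminating target, so a MASQUERADE placed first would rewrite
# every host to 68.10.0.1 and the SNAT rules would never match.
gen_nat() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo "$MAPPINGS" | while read -r pub priv ports; do
        [ -n "$pub" ] || continue
        echo "-A PREROUTING -d $pub -p tcp -m multiport --dports $ports -j DNAT --to-destination $priv"
    done
    echo "$MAPPINGS" | while read -r pub priv ports; do
        [ -n "$pub" ] || continue
        echo "-A POSTROUTING -s $priv -o $WAN_IF -j SNAT --to-source $pub"
    done
    echo "-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    echo 'COMMIT'
}

# filter table: default-deny FORWARD, allow reply traffic via conntrack,
# then only the DNAT'd ports per host and LAN-originated outbound traffic.
gen_filter() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$MAPPINGS" | while read -r pub priv ports; do
        [ -n "$pub" ] || continue
        echo "-A FORWARD -i $WAN_IF -o $LAN_IF -d $priv -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo 'COMMIT'
}

# Guard against the ordering mistake: every SNAT line must come before the
# MASQUERADE line in the generated nat table. Returns 0 when the order is right.
check_order() {
    rules=$(gen_nat)
    last_snat=$(printf '%s\n' "$rules" | grep -n -- '-j SNAT' | tail -n 1 | cut -d: -f1)
    masq=$(printf '%s\n' "$rules" | grep -n -- '-j MASQUERADE' | cut -d: -f1)
    [ -n "$last_snat" ] && [ -n "$masq" ] && [ "$last_snat" -lt "$masq" ]
}

check_order || { echo 'rule ordering error' >&2; exit 1; }
# Redirect to your distribution's restore file (for example /etc/sysconfig/iptables
# on RHEL-style systems), then load it with: iptables-restore < /etc/sysconfig/iptables
gen_nat
gen_filter
```

After loading, `iptables -t nat -L POSTROUTING -n --line-numbers` should list the SNAT rules with lower line numbers than the MASQUERADE rule; that is the same ordering the -I insert achieves on a live ruleset, just made explicit in the saved file. Inbound DNAT'd connections are unaffected by the SNAT rules because conntrack reverses the DNAT on replies before POSTROUTING is consulted. One caveat on the port list: if the 47 was meant for PPTP's GRE tunnel, GRE is IP protocol 47 rather than TCP port 47 and needs `-p gre` rules of its own.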