LinuxQuestions.org
Old 04-23-2015, 04:11 AM   #1
wimo
LQ Newbie
 
Registered: Apr 2015
Posts: 7

Rep: Reputation: Disabled
NAT and ip forward (Only one rule executed)


For a particular system that I have, I need to configure some NAT rules:
iptables -t nat -I PREROUTING -d 192.168.150.4 -j DNAT --to 10.11.16.3
iptables -t nat -I PREROUTING -d 192.168.150.3 -j DNAT --to 10.11.8.3
iptables -t nat -I PREROUTING -d 10.11.12.3 -j DNAT --to 192.168.1.10
iptables -t nat -I PREROUTING -d 10.12.12.3 -j DNAT --to 192.168.1.11
After configuring these rules I enable IP forwarding using
echo 1 > /proc/sys/net/ipv4/ip_forward

The problem that I have is that only the first rule is executed. The other rules do not work. Any idea?
 
Old 04-23-2015, 07:14 AM   #2
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
Look to make sure they were applied.

Code:
iptables -nL
 
1 members found this post helpful.
Old 04-24-2015, 02:19 AM   #3
wimo
LQ Newbie
 
Registered: Apr 2015
Posts: 7

Original Poster
Rep: Reputation: Disabled
Using iptables -t nat -L I can see:

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT all -- anywhere nat.local to:192.168.1.11
DNAT all -- anywhere nat to:192.168.1.10
DNAT all -- anywhere nat.local to:10.11.8.3
DNAT all -- anywhere nat.local to:10.11.16.3

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

I am using wireshark to check that only the first rule is applied.
 
Old 04-24-2015, 09:07 AM   #4
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
Please use CODE tags to keep everything in line like so:

This is what you should be seeing if the rules were applied correctly.

Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  --  anywhere             10.12.12.3           to:192.168.1.11
DNAT       all  --  anywhere             10.12.12.3           to:192.168.1.11
DNAT       all  --  anywhere             10.11.12.3           to:192.168.1.10
DNAT       all  --  anywhere             192.168.150.3        to:10.11.8.3
DNAT       all  --  anywhere             192.168.150.4        to:10.11.16.3
Not sure what you did but you should clear the ones you already have and then reapply the ones listed above exactly as they are listed above.
 
Old 04-27-2015, 04:08 AM   #5
wimo
LQ Newbie
 
Registered: Apr 2015
Posts: 7

Original Poster
Rep: Reputation: Disabled
How should I introduce these rules? I think that there is not an error in my commands.
 
Old 04-27-2015, 08:21 AM   #6
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
How many interfaces are on this device and which network is connected to which interface?
 
Old 04-27-2015, 08:33 AM   #7
wimo
LQ Newbie
 
Registered: Apr 2015
Posts: 7

Original Poster
Rep: Reputation: Disabled
I have three network interfaces:

Code:
eth0 10.11.12.3 
eth0:1 10.12.12.3  
eth1 192.168.150.4 
eth2 192.168.150.3
 
Old 04-27-2015, 08:48 AM   #8
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
OK, what are the NAT rules being used for? Traffic leaving the system on those interfaces?
 
Old 04-27-2015, 08:59 AM   #9
wimo
LQ Newbie
 
Registered: Apr 2015
Posts: 7

Original Poster
Rep: Reputation: Disabled
It's a little difficult to explain.

I have two pieces of equipment which have fixed IP addresses (in different subnets). I need the two to communicate using a particular communication protocol. I use a PC which has communication with both pieces of equipment to redirect messages from EQ1 to EQ2 and from EQ2 to EQ1.
 
Old 04-27-2015, 02:02 PM   #10
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
The problem with your rules is they are applied to all interfaces. What you need to do is only apply the rules that need to be used on the interface. Please give me a diagram of your network layout and what IP addresses are where.
 
Old 04-28-2015, 03:43 AM   #11
wimo
LQ Newbie
 
Registered: Apr 2015
Posts: 7

Original Poster
Rep: Reputation: Disabled
Please find attached a diagram of my network layout.

Could I use iptables-save and iptables-apply to manually generate the file that I need?
Attached Thumbnails: Net.png
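An added example, not part of any post in this thread, covering the two points raised in posts #10 and #11: it writes the four DNAT mappings as an iptables-restore file with each rule limited to one incoming interface, and it flags DNAT rules that have no interface match. The interface assigned to each mapping is an assumption taken from the interface list in post #7, since the attached diagram is not reproduced here.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are the thread's; the interface
# column is an assumption based on post #7 (eth0:1 is an alias, matched as eth0).
# Columns: in-interface  original-destination  new-destination
MAPPINGS='
eth1 192.168.150.4 10.11.16.3
eth2 192.168.150.3 10.11.8.3
eth0 10.11.12.3 192.168.1.10
eth0 10.12.12.3 192.168.1.11
'

# Constructed sample: the thread's unscoped rules as iptables-save would print them.
# They were added with -I, so the last one typed is evaluated first.
UNSCOPED='*nat
-A PREROUTING -d 10.12.12.3/32 -j DNAT --to-destination 192.168.1.11
-A PREROUTING -d 10.11.12.3/32 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 192.168.150.3/32 -j DNAT --to-destination 10.11.8.3
-A PREROUTING -d 192.168.150.4/32 -j DNAT --to-destination 10.11.16.3
COMMIT'

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Emit an iptables-restore file: rules are appended (-A), so file order is
# evaluation order, and each rule only matches packets arriving on its interface.
gen_ruleset() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo "$MAPPINGS" | while read -r ifc dst new; do
        [ -n "$ifc" ] || continue
        if ! is_ipv4 "$dst" || ! is_ipv4 "$new"; then
            echo "bad mapping: $ifc $dst $new" >&2
            exit 1
        fi
        echo "-A PREROUTING -i $ifc -d $dst/32 -j DNAT --to-destination $new"
    done || return 1
    echo 'COMMIT'
}

# Print PREROUTING DNAT rules read from stdin that lack an -i (in-interface) match.
lint_unscoped() {
    awk '/^-A PREROUTING / && / -j DNAT / && !/ -i / { print }'
}

# Review before loading: gen_ruleset | iptables-restore --test  (as root)
gen_ruleset
```

iptables-restore replaces the current contents of the nat table unless --noflush is given, so loading this file also clears the earlier unscoped rules.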
 
Old 04-28-2015, 08:17 AM   #12
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
Are you the network admin? If not, have you talked to the network admin about what you are trying to do? This is a simple network routing setup and done. No need to go through your PC to connect the two. I was under the impression (wrongly) that you had two networks separated by the PC, which isn't the case.
 
Old 04-28-2015, 09:22 AM   #13
wimo
LQ Newbie
 
Registered: Apr 2015
Posts: 7

Original Poster
Rep: Reputation: Disabled
I am the network admin. The problem is that, due to different reasons, I cannot modify the configuration of the equipment or the routers. I can only modify the configuration of the NAT server PC.
 
Old 04-28-2015, 11:44 AM   #14
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
Then set a route on both machines to point traffic for the other to the PC. The PC will then act as the router for you.
 
  

