So far, I've just been using 0/0 for the source, since I figured allowing anything would rule out a few problems; I could always lock it down better later anyway.
Network Setup:
Code:
1.1.1.254          1.1.1.253
+---+  +--------------------------------+
| D |  | Linksys Wireless Router WRT54G |
| S |  |                                |
| L |  |(LAN1)(LAN2)(LAN3)(LAN4)   (WAN)|
|   |  +--^-----^-----^-----------------+
| M |     |     |     |
| O |     |     |     |      +-------------+
| D |     |     |     |      + Windows Box |
| E |     |     |     +------+   1.1.1.4   |
| M |-----+     |            +-------------+
|   |           |
+---+           |     +-----------+
                +-----+ Linux Box |
                      |  1.1.1.1  |
                      +-----------+
Basically, I've just got my modem forwarding what I need to my Linux computer's IP. I'd like to eventually forward all incoming to my Linux computer, and then redirect/forward it to anywhere else on my network I need to. I know it's not ideal to use a single cable for routing, but my max bandwidth usage for that is going to be 786k -- so I don't think it's gonna really matter. I would just use my modem's built-in NATing, but every time you change something, you have to restart it. As you might guess, that is extremely annoying. So far, I've tried adapting other people's example NAT firewalling scripts, but have managed to fail miserably.
Here is my iptables stuff as is (as applicable to my question):
Code:
iptables -t nat -I PREROUTING --src 0/0 --dst 1.1.1.1 -p tcp --dport 6112 -j DNAT --to-destination 127.0.0.1
iptables -t nat -I PREROUTING --src 0/0 --dst 127.0.0.1 -p tcp --dport 6112 -j DNAT --to-destination 1.1.1.1
Obviously, that didn't work because I've got no interface translation anywhere in there, so I tried something like this to put it on the lo0. I changed the port to 6113 so that it wouldn't confuse itself with any other packets and would be easier to filter back out; I figured I could just retranslate it to 6112 before I sent it out. Basically, I don't have a clue how to do these rules, and most information about iptables is extremely confusing to me.
Code:
iptables -A FORWARD -s 0/0 -i eth0 -d 1.1.1.1 -o lo0 -p TCP --dport 6113 -j ACCEPT
I was thinking something like this might work:
Code:
iptables -t nat -A PREROUTING -p tcp -d 127.0.0.1 --dport 6113 -j DNAT --to-destination 1.1.1.4:6112
But it didn't :/ I'm sure it's something simple I'm missing, but I've yet to spot it. Most sites I've run into expect you to know everything there is to know about iptables, then they point a couple things out, and slap an example up. Usually it's overly complex for what I'm trying to achieve. Once I have it where I can forward traffic to my other machine, I'm just going to set it up to throw out all other incoming traffic.
(Granted, I've found two very good sites for reference, but they only really show how the command syntax is, they don't go into detail how one might apply such information)
This way, I can essentially move my NATing off of my DSL modem. Most things that require incoming ports are on my Linux computer; I only really want to forward a handful of stuff to my Windows machine, but in those cases where something needs to be quickly forwarded, I don't want to have to stop everything I'm doing, disconnect from everything, edit modem config, restart, etc.
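The setup described in this post (modem forwards a port to the Linux box, Linux box passes it on to the Windows box on the same LAN) needs three pieces that the rules above are missing: a DNAT in nat/PREROUTING on the real interface rather than loopback, a FORWARD rule with IP forwarding switched on, and a hairpin SNAT so the Windows box answers through the Linux box instead of straight out the modem. The script below is an added example, not something from the original post or any of the reference sites it mentions; it only prints the rule set, so it can be inspected before being run as root. It assumes the Linux box's single NIC is eth0 and uses the addresses from the diagram (1.1.1.1 for Linux, 1.1.1.4 for Windows) and port 6112; none of the interface names or mask are stated in the post.

```shell
#!/bin/sh
# Added example, not from the original post: generate the iptables rules that
# forward one TCP port arriving at the Linux box on to the Windows box.
# Assumptions (taken from the post's diagram, not stated there): the Linux
# box's only NIC is eth0, Linux box is 1.1.1.1, Windows box is 1.1.1.4.
WAN_IF="${WAN_IF:-eth0}"
LINUX_IP="${LINUX_IP:-1.1.1.1}"
WIN_IP="${WIN_IP:-1.1.1.4}"

# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules PORT -> prints the commands; printing applies nothing
forward_rules() {
    port="$1"
    valid_port "$port" || { echo "forward_rules: bad port '$port'" >&2; return 1; }
    cat <<EOF
# Forwarding must be on, or the kernel silently drops packets not addressed to itself.
sysctl -w net.ipv4.ip_forward=1
# (1) nat/PREROUTING runs before the routing decision, so the rewritten destination
#     is what gets routed. No loopback involved: the packet arrives on $WAN_IF for
#     $LINUX_IP and leaves on the same $WAN_IF for $WIN_IP.
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -d $LINUX_IP --dport $port -j DNAT --to-destination $WIN_IP:$port
# (2) filter/FORWARD sees the packet with its new destination. Replies are matched by
#     conntrack state, so only the first packet of a connection needs a port rule.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $WAN_IF -p tcp -d $WIN_IP --dport $port -m state --state NEW -j ACCEPT
# (3) Hairpin SNAT: without it the Windows box answers the real client via its own
#     default gateway (the modem), bypassing the Linux box and its DNAT state, and the
#     modem has no matching connection for that reply. Rewriting the source to
#     $LINUX_IP brings the reply back here to be un-NATed. Cost: the Windows box sees
#     every forwarded connection as coming from $LINUX_IP, so its own logs lose the
#     client address; keep the Linux box's logs for that.
iptables -t nat -A POSTROUTING -o $WAN_IF -p tcp -d $WIN_IP --dport $port -j SNAT --to-source $LINUX_IP
EOF
}

# rule_count PORT -> number of iptables commands forward_rules emits for PORT
rule_count() {
    forward_rules "$1" | grep -c '^iptables '
}

# Print the rule set for the post's port. To apply it as root, pipe it into sh:
#   sh forward.sh 6112 | sudo sh
forward_rules "${1:-6112}"
```

Because the Linux box has one cable, `-i eth0 -o eth0` in the FORWARD rule is exactly the hairpin case; once the FORWARD policy is set to DROP for everything else, the one `ESTABLISHED,RELATED` rule is what lets the return traffic through, and each extra port to hand to the Windows box is one more call to `forward_rules`.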
Once again, many thanks for your time.