OK, after 12 hours, I'm in need of some advice.
I have a very simple iptables configuration that is working for me, with one minor issue. First, some background:
Linux firewall/router, Linux 2.4.20
iptables 1.2.7a
ETH0 - External - X.X.X.251 - using PPPOE (ADSL)
ETH1 - Internal - X.X.X.254
$PPPOEIP = the actual IP address as dynamically provided after ADSL-START
I have an email and web server on X.X.X.1
All browsing and masquerading for the network is working fine.
I can IP port forward 80 all day long with the following entries:
iptables -t nat -A PREROUTING --dst $PPPOEIP -p tcp --dport 80 -j DNAT --to-destination X.X.X.1
iptables -t nat -A POSTROUTING -p tcp --dst X.X.X.1 --dport 80 -j SNAT --to-source $PPPOEIP
This works great. (I tried many different variations and this is the only one I could get to work.)
Now the issue... since I know the PPPOE address from ifconfig, I can use the actual IP address. What I want to do is use either --in-interface ppp0 or -i ppp0 instead of --dst $PPPOEIP, as that IP ($PPPOEIP) is dynamic, and if the ADSL connection reboots, that IP will no longer be valid and my port forwarding will be broken until I can change the table.
I tried the following to no avail:
iptables -t nat -A PREROUTING --dst X.X.X.251 -p tcp --dport 80 -j DNAT --to-destination X.X.X.1
iptables -t nat -A PREROUTING --dst X.X.X.254 -p tcp --dport 80 -j DNAT --to-destination X.X.X.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination X.X.X.1
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to-destination X.X.X.1
iptables -t nat -A PREROUTING --in-interface ppp0 -p tcp --dport 80 -j DNAT --to-destination X.X.X.1
Any ideas??? (Worst case, I could write a script to grab the ppp0 IP address after adsl-start and pass it as a variable to the iptables script?)
Thanks in advance,
Robert
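The fallback mentioned at the end of the post (a script that picks up the ppp0 address after the link comes up and feeds it to the iptables rules), written out as an added example. This is not code from the original post. It assumes pppd's /etc/ppp/ip-up calling convention (the new local address arrives as the fourth argument), uses 192.0.2.1 as a placeholder for the internal X.X.X.1 server, invents the chain names PPP_DNAT and PPP_SNAT, and defaults to a dry run that prints the iptables commands instead of executing them. The sample `ip -4 addr show ppp0` output is constructed for the dry run.

```shell
#!/bin/sh
# Added example, not code from the original post: a pppd ip-up hook that
# re-installs the port forwards with whatever address ppp0 has right now.
# pppd runs /etc/ppp/ip-up as:  ip-up IFNAME TTY SPEED LOCAL_IP REMOTE_IP IPPARAM
# so the fresh address arrives in $4; when run by hand it can be read from
# `ip -4 addr show ppp0` instead. The rules live in two dedicated nat chains
# (hypothetical names) so a reconnect replaces only these rules and leaves the
# rest of the nat table alone, instead of stacking a duplicate pair each time.

PPP_IF="${PPP_IF:-ppp0}"
INTERNAL_SERVER="${INTERNAL_SERVER:-192.0.2.1}"   # placeholder for X.X.X.1
FORWARD_PORTS="${FORWARD_PORTS:-25 80}"            # mail and web, as in the post
DNAT_CHAIN="PPP_DNAT"
SNAT_CHAIN="PPP_SNAT"
RUN="${RUN:-echo}"    # dry run by default; set RUN="" on the router to apply

# First IPv4 address in "ip -4 addr show <if>" output read from stdin.
# PPP links print "inet A.B.C.D peer E.F.G.H/32", Ethernet "inet A.B.C.D/24".
addr_from_ip_output() {
    sed -n 's/^[[:space:]]*inet \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# One-time setup, run once from the main firewall script: create the chains
# and hook them into PREROUTING/POSTROUTING. Only traffic that arrived on the
# PPP link reaches the DNAT chain; only traffic to the server reaches SNAT.
setup_chains() {
    $RUN iptables -t nat -N "$DNAT_CHAIN" 2>/dev/null || true
    $RUN iptables -t nat -N "$SNAT_CHAIN" 2>/dev/null || true
    $RUN iptables -t nat -A PREROUTING -i "$PPP_IF" -j "$DNAT_CHAIN"
    $RUN iptables -t nat -A POSTROUTING -d "$INTERNAL_SERVER" -j "$SNAT_CHAIN"
}

# The two rules for one TCP port, parameterised by the current ppp address:
# DNAT on the way in, SNAT on the way out (the pair that works in the post).
rules_for_port() {
    addr="$1"; port="$2"
    printf '%s\n' \
      "iptables -t nat -A $DNAT_CHAIN -d $addr -p tcp --dport $port -j DNAT --to-destination $INTERNAL_SERVER" \
      "iptables -t nat -A $SNAT_CHAIN -p tcp --dport $port -j SNAT --to-source $addr"
}

# Replace the contents of the dedicated chains with rules for the given address.
# The address is validated first because it ends up on an iptables command line.
install_forwarding() {
    addr="$1"
    case "$addr" in
        *[!0-9.]*|"") echo "install_forwarding: bad address '$addr'" >&2; return 1 ;;
    esac
    $RUN iptables -t nat -F "$DNAT_CHAIN"
    $RUN iptables -t nat -F "$SNAT_CHAIN"
    for port in $FORWARD_PORTS; do
        rules_for_port "$addr" "$port" | while read -r cmd; do
            $RUN $cmd
        done
    done
}

# Constructed sample of `ip -4 addr show ppp0` output, used for the dry run.
SAMPLE_IP_OUTPUT='5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN
    inet 203.0.113.17 peer 203.0.113.1/32 scope global ppp0'

if [ "$#" -ge 4 ]; then
    install_forwarding "$4"            # invoked by pppd after the link comes up
else
    echo "dry run against constructed sample output:"
    printf '%s\n' "$SAMPLE_IP_OUTPUT" | addr_from_ip_output | { read -r a; install_forwarding "$a"; }
fi
```

To use it for real: run setup_chains once from the firewall script, install this file where pppd's /etc/ppp/ip-up will call it, and set RUN="" so the commands execute. Flushing and refilling the two dedicated chains on every ip-up is what keeps the rule set from growing by two rules per reconnect; the case pattern rejects anything that is not digits and dots so a malformed value never reaches the unquoted iptables invocation.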