LinuxQuestions.org
08-18-2014, 10:25 AM   #1
dr98mav

nat on iptables

Hi,
my NAT is not working.
I flushed my tables and enabled IPv4 forwarding,
but it does not work in the PREROUTING and POSTROUTING chains.


-----------------------------
Thank you for reading and answering.
by dr98mav
 
08-18-2014, 06:40 PM   #2
unSpawn

Please post your iptables rule set using 'iptables-save' output.
 
08-19-2014, 01:40 PM   #3
dr98mav

"iptables-save"

Code:
# Generated by iptables-save v1.4.14 on Mon Aug 18 21:31:04 2014
*mangle
:PREROUTING ACCEPT [989:506440]
:INPUT ACCEPT [989:506440]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [710:66167]
:POSTROUTING ACCEPT [732:69848]
COMMIT
# Completed on Mon Aug 18 21:31:04 2014
# Generated by iptables-save v1.4.14 on Mon Aug 18 21:31:04 2014
*filter
:INPUT ACCEPT [989:506440]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [710:66167]
COMMIT
# Completed on Mon Aug 18 21:31:04 2014
# Generated by iptables-save v1.4.14 on Mon Aug 18 21:31:04 2014
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.1.200/32 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.100
-A POSTROUTING -o eth1 -p tcp -m tcp --sport 80 -j SNAT --to-source 192.168.1.200
COMMIT
# Completed on Mon Aug 18 21:31:04 2014

Last edited by dr98mav; 08-19-2014 at 01:59 PM.
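
Added example, not part of the original posts: a small shell/awk helper that reads the `[packets:bytes]` policy counters from `iptables-save` output like the one above and lists the chains no packet has reached. The function names are made up for illustration; the sample lines are the table and chain lines copied from post #3.

```shell
#!/bin/sh
# Added example: summarise per-chain policy counters in iptables-save output.

# chain_counters: read iptables-save text on stdin and print
# "table chain policy packets bytes" for every chain declaration line.
chain_counters() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat" opens a table
        /^:/  {                                 # ":FORWARD ACCEPT [0:0]"
            chain = substr($1, 2)
            ctr = $3
            gsub(/\[|\]/, "", ctr)              # strip the brackets
            split(ctr, c, ":")
            print table, chain, $2, c[1], c[2]
        }'
}

# idle_chains: print "table/chain" for chains whose packet counter is zero.
idle_chains() {
    chain_counters | awk '$4 == 0 { print $1 "/" $2 }'
}

# packets_for TABLE CHAIN: print the packet counter of one chain.
packets_for() {
    chain_counters | awk -v t="$1" -v c="$2" '$1 == t && $2 == c { print $4 }'
}

# Table and chain lines copied from the output posted in this thread.
SAMPLE='*mangle
:PREROUTING ACCEPT [989:506440]
:INPUT ACCEPT [989:506440]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [710:66167]
:POSTROUTING ACCEPT [732:69848]
*filter
:INPUT ACCEPT [989:506440]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [710:66167]
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]'

printf '%s\n' "$SAMPLE" | idle_chains
```

On the rule set in post #3 this lists FORWARD in both mangle and filter, so no packet had traversed the FORWARD chain when the counters were saved. `iptables-save -c` additionally prints per-rule counters.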
 
08-19-2014, 02:01 PM   #4
unSpawn

What did you do? Open 'iptables-save' or run it? If the latter then something is wrong because it should show iptables rules.
 
08-19-2014, 02:07 PM   #5
dr98mav

Quote:
Originally Posted by unSpawn
What did you do? Open 'iptables-save' or run it? If the latter then something is wrong because it should show iptables rules.

Sorry,
it's true.
 
08-25-2014, 02:38 AM   #6
unSpawn

Rule set looks OK. Are 192.168.2.0/24 and 192.168.1.0/24 separate networks?
 
08-25-2014, 04:44 AM   #7
dr98mav

Quote:
Originally Posted by unSpawn
Rule set looks OK. Are 192.168.2.0/24 and 192.168.1.0/24 separate networks?

Yes.
 
08-25-2014, 05:13 PM   #8
unSpawn

Do you have an Ethernet device in each subnet? Do the hosts in 192.168.2.0/24 know how to reach 192.168.1.0/24 and vice versa?
 
08-25-2014, 06:03 PM   #9
dr98mav

Quote:
Originally Posted by unSpawn
Do you have an Ethernet device in each subnet? Do the hosts in 192.168.2.0/24 know how to reach 192.168.1.0/24 and vice versa?

Yes, I have two Ethernet devices for each subnet, and yes again, eth0 knows how to reach eth1 and vice versa.
 
  


All times are GMT -5. The time now is 10:20 AM.
