iptables? issue
nullv at gmx.com
Sat Feb 18 16:23:50 UTC 2012
This is what I did some time ago. I've not tried it with the latest iptables.
(I spun my own firewall.) REDIR is the local IP to be redirected to. And
REDIRPORT is the port to be redirected. EXTIF and INTIF are probably
obvious. (If they aren't you may need some reading time.)
/sbin/iptables -A FORWARD -p tcp -i $EXTIF -o $INTIF -d $REDIR --dport $REDIRPORT -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -p tcp -i $EXTIF -d $EXTIP --dport $REDIRPORT -j DNAT --to $REDIR
/sbin/iptables -t nat -A PREROUTING -p udp -i $EXTIF -d $EXTIP --dport $REDIRPORT -j DNAT --to $REDIR
{^_^}
Hi JD,
That would work for incoming packets but what about outgoing packets?
I'm using
/sbin/iptables -t nat -A POSTROUTING -i $INTIF -s $REDIR -o $EXTIF -j SNAT --to $WANIP
where $WANIP is my public IP, but my machine is not connecting.
However, if I use
/sbin/iptables -t nat -A POSTROUTING -i $INTIF -s $REDIR -o $EXTIF -j MASQUERADE
I get connected. The problem is masquerading only used the default public IP (ttbomk) and I want to use certain public IPs for only certain clients, and masquerading doesn't offer me that.
???
Thanks
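
An added example, not part of either poster's message: a dry-run generator for the per-client source NAT asked about above, giving selected internal clients their own public address and masquerading everyone else. The interface name, the address pairs and the helper names (valid_ipv4, emit_snat_rules) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit per-client SNAT rules for the nat POSTROUTING chain.
# EXTIF and the address pairs below are constructed sample values
# (RFC 1918 / RFC 5737 ranges), not taken from the thread.
EXTIF="${EXTIF:-eth0}"

# One "internal_client=public_ip" pair per line.
SNAT_MAP="192.168.1.10=203.0.113.11
192.168.1.20=203.0.113.12"

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules in the order they must be loaded: the specific SNAT
# rules first, then a catch-all MASQUERADE for every other client.
# POSTROUTING cannot match on the input interface (-i), so each rule
# selects traffic by source address (-s) and output interface (-o).
emit_snat_rules() {
    printf '%s\n' "$SNAT_MAP" | while IFS='=' read -r client public; do
        [ -n "$client" ] || continue
        if ! valid_ipv4 "$client" || ! valid_ipv4 "$public"; then
            echo "skipping invalid mapping: $client=$public" >&2
            continue
        fi
        echo "iptables -t nat -A POSTROUTING -s $client -o $EXTIF -j SNAT --to-source $public"
    done
    echo "iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE"
}

# Dry run by default: review the output, then pipe it to sh as root.
emit_snat_rules
```

Each public address in the map has to be configured on, or routed to, the external interface; otherwise replies to the translated packets never reach the firewall.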