iptables? issue

jdow jdow at earthlink.net
Sun Feb 19 00:23:09 UTC 2012


On 2012/02/18 08:23, nullv at gmx.com wrote:
>
>
> This is what I did some time ago. I've not tried it with the latest iptables.
> (I spun my own firewall.) REDIR is the local IP to be redirected to. And
> REDIRPORT is the port to be redirected. EXTIF and INTIF are probably
> obvious. (If they aren't you may need some reading time.)
>
> /sbin/iptables -A FORWARD -p tcp -i $EXTIF -o $INTIF -d $REDIR --dport $REDIRPORT -j ACCEPT
>
> /sbin/iptables -t nat -A PREROUTING -p tcp -i $EXTIF -d $EXTIP --dport $REDIRPORT -j DNAT --to $REDIR
> /sbin/iptables -t nat -A PREROUTING -p udp -i $EXTIF -d $EXTIP --dport $REDIRPORT -j DNAT --to $REDIR
>
> {^_^}
>
>
> Hi JD,
>
> That would work for incoming packets but what about outgoing packets?
> I'm using
>
> /sbin/iptables -t nat -A POSTROUTING -s $REDIR -o $EXTIF -j SNAT --to $WANIP
>
> where $WANIP is my public IP, but my machine is not connecting.
> However, if I use
>
> /sbin/iptables -t nat -A POSTROUTING -s $REDIR -o $EXTIF -j MASQUERADE
>
> I get connected. The problem is that masquerading only uses the default public IP (ttbomk), and I want to use certain public IPs for only certain clients, and masquerading doesn't offer me that.
> ???
>
> Thanks

For incoming packets I have standard DNAT working.

{^_^}
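The per-client setup the thread is after, as an added example that is not code from either poster: each internal host is published on its own public address (DNAT in PREROUTING) and sends out from that same address (SNAT in POSTROUTING), with MASQUERADE kept only as the catch-all for everyone else. Two caveats it builds in: POSTROUTING runs after routing and has no input interface, so a rule there cannot carry `-i` (iptables rejects it), and SNAT to a public address the router neither owns nor has routed to it gives exactly the symptom described above, packets leave but replies never arrive, so the script checks the address listing before emitting rules. Interface names, the address map, the `ip -o -4 addr` listing and the helper names are all constructed for this example; by default the commands are printed rather than applied.

```shell
#!/bin/sh
# Added example, not code from the original thread: 1:1 NAT where each
# internal client is published on, and sends out from, its own public
# address. Interface names, the address map and the 'ip addr' listing
# below are constructed for the example.

# Dry run by default: commands are printed, not executed.
# Set IPT=/sbin/iptables to apply them on a real router (as root).
IPT="${IPT:-echo /sbin/iptables}"
EXTIF="${EXTIF:-eth0}"
INTIF="${INTIF:-eth1}"

# One client per line: <internal IP> <public IP> <port, or 'all' for a full 1:1 map>
MAP='192.168.1.10 203.0.113.10 all
192.168.1.20 203.0.113.20 443'

# Constructed stand-in for 'ip -o -4 addr show dev eth0' on the router.
SAMPLE_ADDRS='2: eth0    inet 203.0.113.1/24 brd 203.0.113.255 scope global eth0
2: eth0    inet 203.0.113.10/24 scope global secondary eth0
2: eth0    inet 203.0.113.20/24 scope global secondary eth0'

# True when the listing on stdin shows the router holding address $1.
has_public_ip() {
    grep -qF "inet $1/"
}

# Refuse to emit rules for a public address the router does not hold:
# SNAT would rewrite the source, but replies to it would never come back.
check_map() {
    listing=$(cat)
    while read -r redir pub port; do
        [ -n "$pub" ] || continue
        if ! printf '%s\n' "$listing" | has_public_ip "$pub"; then
            echo "check_map: $EXTIF does not hold $pub (wanted for $redir)" >&2
            return 1
        fi
    done <<EOF
$MAP
EOF
    return 0
}

# Rules for one client. $IPT is deliberately unquoted so the dry-run
# value "echo /sbin/iptables" splits into a command and its argument.
nat_rules_for() {
    redir="$1" pub="$2" port="$3"
    if [ "$port" = all ]; then
        # Inbound: anything arriving for the public address goes to the client.
        $IPT -t nat -A PREROUTING -i "$EXTIF" -d "$pub" -j DNAT --to-destination "$redir"
        $IPT -A FORWARD -i "$EXTIF" -o "$INTIF" -d "$redir" -j ACCEPT
    else
        # Inbound: only the published port, for both TCP and UDP.
        for proto in tcp udp; do
            $IPT -t nat -A PREROUTING -i "$EXTIF" -p "$proto" -d "$pub" --dport "$port" \
                -j DNAT --to-destination "$redir"
            $IPT -A FORWARD -i "$EXTIF" -o "$INTIF" -p "$proto" -d "$redir" --dport "$port" -j ACCEPT
        done
    fi
    # Outbound: rewrite the client's source to its own public address.
    # POSTROUTING has no input interface, so the rule matches on -s and -o
    # only; '-i' in this chain is rejected by iptables.
    $IPT -t nat -A POSTROUTING -s "$redir" -o "$EXTIF" -j SNAT --to-source "$pub"
}

# The whole rule set, in the order it must be loaded.
nat_rules() {
    # Reply traffic in both directions is accepted by connection tracking,
    # so the per-client FORWARD rules only need to cover the first packet.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT
    while read -r redir pub port; do
        [ -n "$redir" ] || continue
        nat_rules_for "$redir" "$pub" "$port"
    done <<EOF
$MAP
EOF
    # Everyone else still leaves under the interface's primary address.
    # Appended last: the per-client SNAT rules above must match first.
    $IPT -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE
}

# Stand-alone run: validate the map against the constructed listing,
# then print (or, with IPT set, load) the rules.
printf '%s\n' "$SAMPLE_ADDRS" | check_map && nat_rules
```

On a real router the listing comes from `ip -o -4 addr show dev "$EXTIF"`, and the secondary public addresses have to be added there (or routed to the box by the upstream) before the SNAT rules make sense; `conntrack -L` afterwards shows whether the rewritten source is the one expected for each client.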

