NATing

NATing

[Carlo Henrico]

Hi All

I am new to all this but here goes.

I have read the docs on NAT'ing etc but am still lost.

I have a linux box with 2 NIC's, one on the public network and one on the
LAN.

The public side has a public IP address but we also have 4 more IP addresses
routed by the ISP down that line.

I would like to "reroute" the traffic from one of those IP addresses to a
web server (port 80) on the LAN.

What I have tried is :

Iptables -t nat PREROUTING -I 1.2.3.4 -j DNAT --to 5.6.7.8

Where 1.2.3.4 is the public IP address and 5.6.7.8 is the LAN address of the
web server.

Please help, what am I doing wrong?

Thanks

Carlo

Re: NATing

[Rob Sterenborg]

On Tue, March 7, 2006 14:48, Carlo Henrico wrote:
> Hi All
>
> I am new to all this but here goes.
>
> I have read the docs on NAT'ing etc but am still lost.
>
> I have a linux box with 2 NIC's, one on the public network and one on the
> LAN.
>
> The public side has a public IP address but we also have 4 more IP addresses
> routed by the ISP down that line.
>
> I would like to "reroute" the traffic from one of those IP addresses to a
> web server (port 80) on the LAN.
>
> What I have tried is :
>
> Iptables -t nat PREROUTING -I 1.2.3.4 -j DNAT --to 5.6.7.8

This rule can't possibly work and would generate an error when executing it. I
suspect it's a typo ?

> Where 1.2.3.4 is the public IP address and 5.6.7.8 is the LAN address of the
> web server.
>
> Please help, what am I doing wrong?

man iptables.
-I means "insert rule" and should be used before "PREROUTING". You should use
"-d <destination IP>" instead.

$ipt -t nat -A PREROUTING -d 1.2.3.4 -p tcp --dport 80 \
  -j DNAT --to 5.6.7.8

Assuming your FORWARD policy is ACCEPT ($ipt -P FORWARD ACCEPT) and have IP
forwarding enabled (echo 1 > /proc/sys/net/ipv4/ip_forward).


Gr,
Rob