* NATing
@ 2006-03-07 13:48 Carlo Henrico
2006-03-07 14:01 ` NATing Rob Sterenborg
0 siblings, 1 reply; 2+ messages in thread
From: Carlo Henrico @ 2006-03-07 13:48 UTC (permalink / raw)
To: netfilter
Hi All
I am new to all this but here goes.
I have read the docs on NAT'ing etc but am still lost.
I have a linux box with 2 NIC's, one on the public network and one on the
LAN.
The public side has a public IP address but we also have 4 more IP addresses
routed by the ISP down that line.
I would like to "reroute" the traffic from one of those IP addresses to a
web server (port 80) on the LAN.
What I have tried is :
Iptables -t nat PREROUTING -I 1.2.3.4 -j DNAT --to 5.6.7.8
Where 1.2.3.4 is the public IP address and 5.6.7.8 is the LAN address of the
web server.
Please help, what am I doing wrong?
Thanks
Carlo
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: NATing
2006-03-07 13:48 NATing Carlo Henrico
@ 2006-03-07 14:01 ` Rob Sterenborg
0 siblings, 0 replies; 2+ messages in thread
From: Rob Sterenborg @ 2006-03-07 14:01 UTC (permalink / raw)
To: netfilter
On Tue, March 7, 2006 14:48, Carlo Henrico wrote:
> Hi All
>
> I am new to all this but here goes.
>
> I have read the docs on NAT'ing etc but am still lost.
>
> I have a linux box with 2 NIC's, one on the public network and one on the
> LAN.
>
> The public side has a public IP address but we also have 4 more IP addresses
> routed by the ISP down that line.
>
> I would like to "reroute" the traffic from one of those IP addresses to a
> web server (port 80) on the LAN.
>
> What I have tried is :
>
> Iptables -t nat PREROUTING -I 1.2.3.4 -j DNAT --to 5.6.7.8
This rule can't possibly work and would generate an error when executing it. I
suspect it's a typo ?
> Where 1.2.3.4 is the public IP address and 5.6.7.8 is the LAN address of the
> web server.
>
> Please help, what am I doing wrong?
man iptables.
-I means "insert rule" and should be used before "PREROUTING". You should use
"-d <destination IP>" instead.
$ipt -t nat -A PREROUTING -d 1.2.3.4 -p tcp --dport 80 \
-j DNAT --to 5.6.7.8
Assuming your FORWARD policy is ACCEPT ($ipt -P FORWARD ACCEPT) and have IP
forwarding enabled (echo 1 > /proc/sys/net/ipv4/ip_forward).
Gr,
Rob
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-03-07 14:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-03-07 13:48 NATing Carlo Henrico
2006-03-07 14:01 ` NATing Rob Sterenborg
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.