[olug] iptables behind router

William E. Kempf wekempf at cox.net
Tue Sep 14 07:29:36 UTC 2004


On Mon, September 13, 2004 8:54 pm, Daniel Linder said:
>
> William E. Kempf said:
>> However... I'd like to be able to have [comp A]
>> forward some ports to [comp B].
>
> Jeff gave one solution, here is another possible solution.
>
> The IPTables feature has a "Destination Network Address Translation"
> feature (DNAT) which re-writes the destination of each IP packet to
> another address when it comes in.  When it goes back out, the IPTables
> un-does the translation and replaces the (now) source address with what
> the machine on the outside expects.
>
> Example:
>
>
> CompX---{internet}---{Cablemodem}-{router}--+---[CompA]
>                                             +---[CompB]
>
> On Computer A, you would use a line like this:
> # --dport needs a protocol match; -p tcp assumed here
> iptables -t nat -A PREROUTING -i eth0 -p tcp -d <CompA_Addr> \
>     --dport <CompA_port> -j DNAT --to-destination <CompB_Addr:CompB_port>

Fairly close to what I already tried.  I'll make the changes and see what
happens.

> Just make sure that Computer B has its route to the Internet set to point
> back through CompA so CompA can un-do the DNAT...

Ahh... but doesn't this mean it must come back through another interface
on CompA for that to work?  If not, how would you make it route through
CompA instead of the router?

-- 
William E. Kempf
wekempf at cox.net
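
The return-path question in this thread, modelled as an added example (not part of the original messages or either poster's code): a small Python simulation of CompA's DNAT and of where CompB sends its reply. All addresses and ports are constructed, and the SNAT variant is an option added here that the thread does not mention.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed addresses for the diagram in the thread (not from the original post).
LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTER, COMP_A, COMP_B = "192.168.1.1", "192.168.1.10", "192.168.1.20"
COMP_X = "203.0.113.5"          # outside client
A_PORT, B_PORT = 8080, 80       # forwarded port on CompA -> service port on CompB


def comp_a_nat(pkt, conntrack, snat):
    """DNAT on CompA (optionally SNAT too); remember how to undo it."""
    out = pkt._replace(dst=COMP_B, dport=B_PORT)
    if snat:
        out = out._replace(src=COMP_A)
    # Key: the reply tuple CompA expects to see; value: the tuple to restore.
    reply_key = Packet(out.dst, out.dport, out.src, out.sport)
    conntrack[reply_key] = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
    return out


def comp_b_next_hop(reply, default_gw):
    """CompB sends on-link destinations directly, everything else to its gateway."""
    return reply.dst if ipaddress.ip_address(reply.dst) in LAN else default_gw


def simulate(default_gw, snat=False):
    """Return the reply packet as the upstream side finally sees it."""
    conntrack = {}
    request = Packet(COMP_X, 40000, COMP_A, A_PORT)
    at_b = comp_a_nat(request, conntrack, snat)
    reply = Packet(at_b.dst, at_b.dport, at_b.src, at_b.sport)
    if comp_b_next_hop(reply, default_gw) == COMP_A:
        reply = conntrack[reply]          # CompA un-does the translation
    return reply


def flow_ok(reply):
    """The client connected to CompA:A_PORT, so replies must come from there."""
    return (reply.src, reply.sport) == (COMP_A, A_PORT)


if __name__ == "__main__":
    for gw, snat in [(ROUTER, False), (COMP_A, False), (ROUTER, True)]:
        r = simulate(gw, snat)
        print(f"gw={gw:<13} snat={snat!s:<5} reply from {r.src}:{r.sport} ok={flow_ok(r)}")
```

In the model, what matters is CompB's next hop for the reply, not which interface on CompA the packet arrives on: the reply only gets translated back when it is handed to CompA.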


