Linux-Noob Forums
iptables router - Printable Version




iptables router - chj - 2006-11-09


I am trying to set up my Linux box to act as a gateway for a few systems, with only 1 NIC installed.

 

eth0 - is a DHCP IP and is always in the same range, let us use 111.112.58.*

eth0:1 is 10.0.0.1 and is the internal network.

 

All I want is for my internal systems to be able to access the Internet, and for the Linux box's external port 1999 to be routed to 10.0.0.2 port 1999.

 

Anyone got any tips?




iptables router - znx - 2006-11-09


Quote: Anyone got any tips?
 

It would be good to see the ifconfig output so we can determine the current state of your interfaces. However something like:



Code:
ifconfig eth0:0 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255 up




 

Should append the additional alias for the interface. To deal with 10.0.0.x -> 111.112.58.x you will need to use iptables to MASQ.

 

Should point out that you will lack the additional security that 2 NICs provide.




iptables router - chj - 2006-11-11


The IPs have been set up, but my question is regarding iptables and how to set up the routing.

 

Because you cannot route on virtual devices, I need to route at the IP level, and cannot find any good information about that anywhere.




iptables router - znx - 2006-11-17


Quote: The IPs have been set up, but my question is regarding iptables and how to set up the routing.

Because you cannot route on virtual devices, I need to route at the IP level, and cannot find any good information about that anywhere.
 

Oops... sorry about the lack of reply here. I'm on my holidays; I will write a proper response tomorrow, but the basics:

 

Code:
iptables -A PREROUTING -t nat -p tcp --dport 1999 -i eth0 -j DNAT --to 10.0.0.2:1999

 

where eth0 = external interface...

 

should be all you need .. :P

 

OK, a better, more complete reply to follow!
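
The single-NIC setup discussed in this thread, as an added example that is not part of the original posts: a shell function that prints a full rule set (forwarding, MASQUERADE and the port 1999 DNAT) matching the LAN by address, since iptables does not accept alias names such as eth0:1 for -i/-o. The function name `gateway_rules`, the default-drop FORWARD policy and the 10.0.0.0/24 mask are assumptions built from the addresses given above.

```shell
#!/bin/sh
# Added example (not from the thread): print, but do not apply, iptables rules
# for a one-NIC gateway. Review the output, then apply it as root with:
#   gateway_rules eth0 10.0.0.0/24 10.0.0.2 1999 | sh
# LAN and WAN share one wire here, so the address matches below can be spoofed
# from the external segment; a second NIC removes that weakness.

gateway_rules() {
    ext_if=$1 lan=$2 fwd_host=$3 fwd_port=$4

    # -i/-o only take the real device, never an alias like eth0:1.
    case $ext_if in
        ''|*:*) echo "gateway_rules: need a real device, got '$ext_if'" >&2
                return 1 ;;
    esac
    # The forwarded port must be a number in 1..65535.
    case $fwd_port in
        ''|*[!0-9]*) echo "gateway_rules: bad port '$fwd_port'" >&2
                     return 1 ;;
    esac
    if [ "$fwd_port" -lt 1 ] || [ "$fwd_port" -gt 65535 ]; then
        echo "gateway_rules: port out of range '$fwd_port'" >&2
        return 1
    fi

    # Order: enable routing, default-drop forwarding, allow replies,
    # allow LAN -> outside, allow the one forwarded service, then NAT.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $lan ! -d $lan -j ACCEPT
iptables -A FORWARD ! -s $lan -d $fwd_host -p tcp --dport $fwd_port -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan ! -d $lan -o $ext_if -j MASQUERADE
iptables -t nat -A PREROUTING -i $ext_if ! -s $lan -m addrtype --dst-type LOCAL -p tcp --dport $fwd_port -j DNAT --to-destination $fwd_host:$fwd_port
EOF
}
```

The `! -s` on the DNAT rule keeps LAN hosts, which arrive on the same eth0, from being redirected when they connect to port 1999 themselves.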