Re: Plz i need help.... or i ll be fired :(

Alaios wrote:
Hi plz take a look at the following example

The laptop has 2 ethernet interfaces
To eth1 comes traffic from src 143.233.222.253
The eth0 has ip address 10.2.4.2 and it is connected
back to back with eth1 of other pc with ip address
10.2.4.1
I want to forward the traffic with src 143.233.222.253
to the 10.2.4.1 pc

[SNIP]

i have also set the
/proc/sys/net/ipv4/ip_forward to 1

Ok.

[SNIP]

I have also tested this one
iptables -t nat -A PREROUTING -p tcp -d 143.233.222.77
(laptop eth1 card) --dport 22453 (i have checked dst
port with tcpdump) 00 -j DNAT --to-destination
10.2.4.1
this still doesn't work
Every time i try to apply a new rule i use first
the iptables -F
iptables -t nat -F command


Your PREROUTING rule is probably ok, provided that 143.233.222.77 is the IP of eth1. But I think, if the simple approach doesn't work, you shouldn't make it more complicated. Keep it small and simple, and when you understand all the details, you may go deeper. So, maybe you would like to start like this:

## Rewrite destination address
iptables -t nat -A PREROUTING -i eth1 -s 143.233.222.253 \
         -j DNAT --to 10.2.4.1

## Allow packets to pass FORWARD
iptables -A FORWARD -m state --state ESTABLISHED,RELATED \
         -j ACCEPT
iptables -A FORWARD -i eth1 -s 143.233.222.253 \
         -j ACCEPT

## Now, SNAT outgoing packets
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 143.233.222.77

If this is a dial-up connection replace the SNAT part with MASQUERADE. BTW, you only need the FORWARD rules if your FORWARD policy is DROP or REJECT. And if you have other policies in filter table set to DROP or REJECT enable loopback. And finally, set all policies in nat and mangle to ACCEPT (and in raw, if you have that). This should get you started.

HTH,

Joerg
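
Added example, not part of either poster's message: a read-only check of the rule set suggested above, run over `iptables-save` text instead of the live tables. The function name `forward_check`, its result strings and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Usage: iptables-save | forward_check IFACE SRC
# Prints: ok | missing-dnat | forward-policy-accept |
#         missing-established | missing-source
forward_check() {
    awk -v ifc="$1" -v src="$2" '
        # True when a rule line matches both the inbound interface and source.
        function from_src(l) {
            return index(l, " -i " ifc " ") &&
                   (index(l, " -s " src "/32 ") || index(l, " -s " src " "))
        }
        /^\*/ { table = substr($0, 2); next }        # "*nat", "*filter", ...
        table == "nat" && $2 == "PREROUTING" && / -j DNAT / && from_src($0) { dnat = 1 }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && $2 == "FORWARD" && / -j ACCEPT/ {
            if (/ESTABLISHED/ && /RELATED/) est = 1  # return traffic
            if (from_src($0)) new = 1                # first packet of a flow
        }
        END {
            if (!dnat)                   print "missing-dnat"
            else if (policy == "ACCEPT") print "forward-policy-accept"
            else if (!est)               print "missing-established"
            else if (!new)               print "missing-source"
            else                         print "ok"
        }'
}

# Constructed sample: what iptables-save could print after the rules above
# are loaded on a box whose FORWARD policy is DROP.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 143.233.222.253/32 -i eth1 -j DNAT --to-destination 10.2.4.1
-A POSTROUTING -o eth1 -j SNAT --to-source 143.233.222.77
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 143.233.222.253/32 -i eth1 -j ACCEPT
COMMIT
EOF
}

sample_dump | forward_check eth1 143.233.222.253
```

A result of `forward-policy-accept` means the DNAT rule is present and the FORWARD rules are not needed for the packets to pass.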


