Re: How to do a "double" NAT ?

On Tue, 07/07/2009 at 22:48 +0200, David Balažic wrote:
> Hi!
> 
> I have a bit of a specific, but not that unusual, problem.
> 
> I have Linux 2.4 (OpenWRT 1.0) running on a home router.
> ppp0 has the connection to outside world and br0 is the local network
> and is "NAT-ed".
> 
> I also have a vlan0 interface with IP address 192.168.1.1. On that
> network there is a host that has a HTTP server on port 80 and accepts
> connections only from 192.168.1.x.
> 
> What I want is to set up a rule that allows outside hosts (the entire
> internet, ok maybe limited to a single IP) access to that port and of
> course masquerades it to appear as if coming from 192.168.1.x.
> 
> There I'm lost. I have good unix experience, but managed to avoid
> packet filters until now ;-)

iptables -t nat -A PREROUTING -i ppp0 -p tcp -d <ppp0_IP> --dport 80 -j DNAT --to-destination 192.168.1.1
iptables -t nat -A POSTROUTING -o br0 -p tcp -d 192.168.1.1 --dport 80 -j SNAT --to-source <br0_IP>

I managed to avoid VLAN setups, so the above will work for the case
without a VLAN, when the HTTP server is connected to br0.

-- 
Покотиленко Костик <casper@xxxxxxxxxxxx>
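
The vlan0 case from the question, which the reply above does not cover, as an added example that is not part of either poster's message: a small generator that prints the DNAT, FORWARD and SNAT rules with the single-client restriction the question mentions. The HTTP server's address and the allowed client address are not given in the thread, so they are arguments; the FORWARD rules assume a default-drop forward policy.

```shell
#!/bin/sh
# Added example: prints the rules for review instead of applying them.
WAN_IF=ppp0    # uplink interface, from the question
SRV_IF=vlan0   # interface facing the HTTP server, from the question
PORT=80

# Strict dotted-quad check. The output may be piped to a root shell, so
# anything but digits and dots (spaces, ';', '$') must be rejected.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# gen_rules WAN_IP SERVER_IP ROUTER_VLAN_IP ALLOWED_CLIENT_IP
# SERVER_IP and ALLOWED_CLIENT_IP are not given in the thread (assumptions).
gen_rules() {
    wan_ip=$1; server_ip=$2; snat_ip=$3; client_ip=$4
    for a in "$wan_ip" "$server_ip" "$snat_ip" "$client_ip"; do
        is_ipv4 "$a" || { echo "invalid IPv4 address: $a" >&2; return 1; }
    done
    # Order: rewrite destination, allow both directions, rewrite source.
    cat <<EOF
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -s $client_ip -d $wan_ip --dport $PORT -j DNAT --to-destination $server_ip:$PORT
iptables -A FORWARD -i $WAN_IF -o $SRV_IF -p tcp -s $client_ip -d $server_ip --dport $PORT -j ACCEPT
iptables -A FORWARD -i $SRV_IF -o $WAN_IF -p tcp -s $server_ip --sport $PORT -d $client_ip -m state --state ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o $SRV_IF -p tcp -s $client_ip -d $server_ip --dport $PORT -j SNAT --to-source $snat_ip
EOF
}

# Stand-alone use: sh script.sh WAN_IP SERVER_IP ROUTER_VLAN_IP CLIENT_IP
if [ $# -eq 4 ]; then gen_rules "$@"; fi
```

Because of the SNAT rule the server sees and logs every forwarded request as coming from the router's vlan0 address, so the `-s` match on the router is the only source restriction left once the forward is in place.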
