sitekids.blogg.se

Iptables 1 to 1 nat netmap

Using iptables for nat configuration between two physical interfaces


If some machine, say a proxy server, has two interfaces, one local and one public, then we can use iptables to NAT outgoing packets with the proxy server's public IP.

Using iptables for nat configuration between two aliased interfaces

If we have two aliased interfaces like eth0 and eth0:1 and we want to configure NAT between them, it is more complex than configuring NAT between two physically different interfaces (like eth0, eth1), as iptables will treat both interfaces as eth0. Even the kernel routing table will treat both interfaces as just eth0. To configure NAT in such a scenario, we must know which private IP addresses can be contacted on the interface with the private IP, say eth0.

    iptables -t nat -I POSTROUTING ! -s 196.12.53.9 -m connmark ! --mark 0x1 -j SNAT \

The first three lines set mark 1 on all packets which are destined for the local network. The last line tells iptables to NAT all packets which are not going to local machines and are not going outside with the public IP. In other words, NAT with the public IP if packets are going outside and do not already have the public IP.

Using NAT to forward ports from one machine to another

We need to add both PREROUTING and POSTROUTING rules when we try to forward ports from one machine to another, as shown below:

    iptables -A PREROUTING -t nat -p tcp -d --dport 40 -j DNAT \
    iptables -A POSTROUTING -t nat -p tcp -j SNAT --to-source

Note that without the second rule, the destination machine may try to reply to the TCP connection's source machine directly. Hence the source machine would not recognize this reply and would send a TCP reset. Also, the destination machine will try to reply from port 22, but the TCP connection's source machine had initiated the connection to port 40 of the NAT source machine.














