[ILUG] Iptables questions
Conor Daly
conor.daly at oceanfree.net
Fri Oct 4 04:13:03 IST 2002
On Thu, Oct 03, 2002 at 05:19:33PM +0100 or so it is rumoured hereabouts,
Dermot Beirne thought:
> As a follow-on from the last mail, here are the steps I need to do:
> I'm crap at text diagrams, so I won't attempt to do one. I would not make
> things any clearer!!
>
> 1. The source machine is connecting to 1.2.3.4, which they think is the FTP
> server, via a direct leased line
> 2. I have configured the network interface of the linux box to be 1.2.3.4,
> and put a route on the router to send traffic to it.
> 3. The linux box should ignore the traffic completely except to translate
> the destination ip address from 1.2.3.4 to 10.10.10.1 which is the
> FTP server address. I then want the linux box to send the request back to
> the router with its new destination address of 10.10.10.1
> which the router will then send on to the FTP server.
> 4. The server has a route to send any packets for the customer's ip address
> range back to the linux box
> 5. The linux box will then translate the source address of our FTP server
> back to 1.2.3.4 so that it gets back through the customer firewall.
>
> So the linux box simply NATs the destination IP address inbound and the
> source address outbound.
> It's driving me mad!! I'm sure someone has done this, can anyone help?
>
> I thought that one DNAT and one SNAT rule would do the trick.
I think you need a port forwarding rule also. As you have things, the
linux box will route traffic from the ftp server and nat it to the 1.2.3.4
address. However, incoming traffic to 1.2.3.4 will only get routed if
it's already part of an established session. Port forwarding is simply a
rule that says "any traffic that comes in to 1.2.3.4 port 21 is to be sent
on to 10.10.10.1 port 21". Can't remember the hows and wherefores of port
forwarding just now but that's what you need here...
Conor
--
Conor Daly <conor.daly at oceanfree.net>
Domestic Sysadmin :-)
---------------------
Faenor.cod.ie
7:07pm up 33 days, 23:34, 0 users, load average: 0.00, 0.00, 0.00
Hobbiton.cod.ie
7:01pm up 33 days, 23:10, 2 users, load average: 0.07, 0.10, 0.09
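
Added example, not part of the original post: the port forward described in the reply, written as iptables rules for the addresses used in the thread. It assumes a current kernel (nf_conntrack_ftp/nf_nat_ftp helper modules and explicit helper assignment; 2.4-era kernels named the modules ip_conntrack_ftp and ip_nat_ftp), and it prints the commands unless APPLY=1 is set. There is no separate SNAT rule because connection tracking reverses the DNAT on reply packets of the same connection.

```shell
#!/bin/sh
# Addresses from the thread: the address the customer connects to and the
# real FTP server behind the router. Override via the environment if needed.
PUBLIC_IP="${PUBLIC_IP:-1.2.3.4}"
FTP_SERVER="${FTP_SERVER:-10.10.10.1}"

# Dry run by default: print each command. Set APPLY=1 (as root) to execute.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

nat_rules() {
    # The box must route packets between its interfaces.
    run sysctl -w net.ipv4.ip_forward=1

    # FTP helpers: follow the PORT/PASV data connection and rewrite the
    # addresses carried inside the control channel.
    run modprobe nf_conntrack_ftp
    run modprobe nf_nat_ftp
    # Newer kernels do not attach helpers automatically, so bind the FTP
    # helper to the control connection explicitly (raw runs before nat,
    # so the destination is still the public address here).
    run iptables -t raw -A PREROUTING -d "$PUBLIC_IP" -p tcp --dport 21 \
        -j CT --helper ftp

    # The port forward: traffic arriving for PUBLIC_IP:21 is sent on to
    # FTP_SERVER:21. Replies are translated back by connection tracking.
    run iptables -t nat -A PREROUTING -d "$PUBLIC_IP" -p tcp --dport 21 \
        -j DNAT --to-destination "$FTP_SERVER:21"

    # Forward only what the translation needs: new FTP control connections
    # to the server, plus packets of tracked connections (RELATED covers
    # the data connections the helper expects). Everything else is dropped.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -d "$FTP_SERVER" -p tcp --dport 21 \
        -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED \
        -j ACCEPT
}

nat_rules
```

After applying, `iptables -t nat -L PREROUTING -n -v` shows per-rule packet counters, which confirms whether the customer's traffic is hitting the DNAT rule.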