Created
May 13, 2015 12:50
-
-
Save eikaas/7943b9a6066615257eaf to your computer and use it in GitHub Desktop.
Iptables NAT
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Linux IPTables NAT Setup | |
| It is important to ensure that the test-server has the proper routes. Else it will | |
| receive the request, but be unable to respond. Thinking that the test-server works and | |
| has proper routes when it in fact doesnt can lead to a world of troubles. | |
| It can be beneficial to just disable the main iterface. | |
| Test to make sure you can reach the internet from the internal test-machine | |
| before trying to map a listening port to it. | |
| The following steps works | |
| ## Enable Linux port forwarding | |
| echo 1 > /proc/sys/net/ipv4/ip_forward | |
| * Change the setting in /etc/sysctl.conf to keep throught reboot | |
| ### Enable NAT | |
| iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | |
| ### Forward established and related connection back to the requestee | |
| iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| ### Forward requests from the INSIDE network to the outside without question | |
| iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT | |
| ### Forward everything to port 80 to internal server 10.0.0.5 | |
| iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 10.0.0.5 | |
| ### Forward port 1911 to internal port 22 on 10.0.0.9 | |
| iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1911 -j DNAT --to 10.0.0.9:22 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment