[ubuntu] does iptable support the following features?
firsttimeuser
March 27th, 2009, 09:50 AM
Hello everyone,
I am trying to set up a relaying box which will be used to relay some TCP and UDP traffic. Basically, what I want is to let this box relay all the defined traffic while at the same time keeping the original IPs unchanged.
I have been using iptables for a while, but only on the firewall side, so before I spend a lot of time researching this, can any of you tell me if it is possible for iptables to perform such functionality? And which keyword should I be looking for? Thanks a lot!
cdenley
March 27th, 2009, 10:47 AM
Sounds like DNAT to me.
http://linux-ip.net/html/nat-dnat.html
HermanAB
March 27th, 2009, 11:46 AM
Iptables also has something called 'redirect':
http://www.linuxtopia.org/Linux_Firewall_iptables/x4508.html
firsttimeuser
March 27th, 2009, 12:33 PM
It seems redirect is only used to redirect packets to the machine itself.
Iptables also has something called 'redirect':
http://www.linuxtopia.org/Linux_Firewall_iptables/x4508.html
lensman3
March 27th, 2009, 08:09 PM
You need a form similar to:
$IPTABLES -t nat -A PREROUTING -i $EXTERNAL -p tcp --sport 1024:65535 -d $EXT_IP --dport $GTK_GNUTELLA -j DNAT --to-destination 192.168.200.10:$GTK_GNUTELLA
EXTERNAL=ethx
$GTK_GNUTELLA=<some port number> This is synced with the gtk_gnutella listening port in the program.
--to-destination <IPNUMBER>. My IP number 192.168.200.10 is inside the firewall, but it should work for a forwardable Internet IP number too.
--sport is set to the range of 1024:65535 for security reasons. Ports below 1024 are usually considered privileged.
I've set this up for SKYPE, GTK_GNUTELLA, Bitstream (both udp and tcp connections).
Hope this helps.
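The DNAT rule above rewrites only the destination address, which is what keeps the client's source IP unchanged, but on its own it is not enough: the kernel must have forwarding enabled, the filter table's FORWARD chain must let the flow and its replies through, and the inside host must route its replies back via the relay. The following shell function is an added example (not code from this thread or from any of its posters) that prints the complete rule set for one forwarded port; interface and address values such as eth0 or 203.0.113.5 are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate the iptables rules for a transparent DNAT relay
# that forwards one TCP and/or UDP port to an inside host while leaving the
# client's source IP untouched.  Parameter names (ext_if, ext_ip, port,
# dest_ip) are assumptions for this example, not from the forum post.
#
# Usage: relay_rules EXT_IF EXT_IP PORT DEST_IP [tcp|udp|both]
# It prints the commands; run the output as root (e.g. pipe into sh) to apply.
relay_rules() {
    ext_if=$1; ext_ip=$2; port=$3; dest_ip=$4; proto=${5:-both}
    case "$proto" in
        tcp|udp) protos=$proto ;;
        both)    protos="tcp udp" ;;
        *) echo "relay_rules: unknown protocol '$proto'" >&2; return 1 ;;
    esac
    # Without IP forwarding the kernel silently drops the DNATed packets.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for p in $protos; do
        # nat/PREROUTING: rewrite only the destination.  No SNAT/MASQUERADE
        # is added, so the inside host still sees the real client address.
        echo "iptables -t nat -A PREROUTING -i $ext_if -p $p --sport 1024:65535 -d $ext_ip --dport $port -j DNAT --to-destination $dest_ip:$port"
        # filter/FORWARD: a DNAT rule does nothing useful if FORWARD drops
        # the flow.  Admit the new flow and, via conntrack, its replies.
        echo "iptables -A FORWARD -i $ext_if -p $p -d $dest_ip --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
        echo "iptables -A FORWARD -o $ext_if -p $p -s $dest_ip --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    done
    # Caveat: because the source IP is unchanged, $dest_ip must send its
    # replies back through this box (typically by using it as the default
    # gateway); otherwise replies bypass the relay and the flow breaks.
}

# Number of iptables rules produced, handy for a quick sanity check.
relay_rule_count() { relay_rules "$@" | grep -c '^iptables'; }
```

Review the printed rules before applying them; a production ruleset should also pin the FORWARD policy to DROP so that only the forwarded port is reachable.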
firsttimeuser
March 30th, 2009, 11:35 AM
Much appreciated for the info.
Never used NAT before, and I think I will need to add a secondary and private IP on that destination loghost.
Looking into NAT now...
You need a form similar to:
$IPTABLES -t nat -A PREROUTING -i $EXTERNAL -p tcp --sport 1024:65535 -d $EXT_IP --dport $GTK_GNUTELLA -j DNAT --to-destination 192.168.200.10:$GTK_GNUTELLA
EXTERNAL=ethx
$GTK_GNUTELLA=<some port number> This is synced with the gtk_gnutella listening port in the program.
--to-destination <IPNUMBER>. My IP number 192.168.200.10 is inside the firewall, but it should work for a forwardable Internet IP number too.
--sport is set to the range of 1024:65535 for security reasons. Ports below 1024 are usually considered privileged.
I've set this up for SKYPE, GTK_GNUTELLA, Bitstream (both udp and tcp connections).
Hope this helps.