This is the current network that I have:

UBUNTU:
  eth0:
    ip: 212.83.10.10
    bcast: 212.83.10.10
    netmask: 255.255.255.255
    gateway: 62.x.x.x
  eth1:
    ip: 192.168.1.1
    bcast: 192.168.1.255
    netmask: 255.255.255.0
    gateway: ?

CENTOS:
  eth0:
    ip: 192.168.1.2
    bcast: 192.168.1.255
    netmask: 255.255.255.0
    gateway: 192.168.1.1

I basically want this:

Make specific NAT rules from the internet to specific internal servers depending on the port:

Connections incoming to port 80 must be redirected to 192.168.1.2:80

Connections incoming to port 3306 must be redirected to 192.168.1.3:3306

and so on...

I also need one NAT rule to allow the servers in the subnet 192.168.1.x to browse the internet. I need to route the requests on eth0 to eth1 to be able to exit to internet.

Can I do this on the UBUNTU machine with iptables?

Thanks!

1 Answer

For the first requirement you will need to use DNAT, or destination NATting. It's used like this:

iptables -t nat -A PREROUTING -p tcp --dport TARGETPORT -j DNAT --to TARGET-IP:TARGETPORT

Example:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.1.2:80

For Internet browsing you will need Source Natting:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source GATEWAY-IP

Or you can use masquerading instead of source NATting, like this:

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE

Also don't forget to open the needed ports on the servers.

MohyedeenN
  • It doesn't seem to work. The strange thing is that when I do a tracepath 8.8.8.8 from CentOS, it says: 1: 192.168.1.2 2: ... Why doesn't it go to 192.168.1.1? To be sure that there is no firewall block I also did: iptables -A INPUT -p tcp -j ACCEPT iptables -A INPUT -p udp -j ACCEPT iptables-save But the CentOS instance cannot ping 8.8.8.8 :( – Simone Falcini Nov 06 '13 at 11:52
  • That is normal with tracepath; 192.168.1.1 is the CentOS interface. On Ubuntu, what is the default gateway? Use route -n. Normally in Linux the interface with the highest number becomes the default gateway, so in your case the default gateway will be the eth1 gateway, which is not what you want. If this is the issue you need to do this: route delete -net 0.0.0.0/0 gw CURRENT-GATEWAY route add -net 0.0.0.0 gw PUBLIC-GATEWAY_IP – MohyedeenN Nov 06 '13 at 12:14
  • Seems that I forgot to tell you, you also need to enable routing on the Ubuntu machine. You do it like this: sysctl -w net.ipv4.ip_forward=1 or echo 1 > /proc/sys/net/ipv4/ip_forward – MohyedeenN Nov 06 '13 at 12:18
  • Hello, I just noticed a problem: when I try to connect with ssh from the Ubuntu machine to the CentOS, it takes ages (more than 10s). This is the tracepath from Ubuntu to CentOS: root@vm-ubuntu:~# tracepath 192.168.1.2 1: vm-ubuntu.local 0.074ms pmtu 1500 1: 192.168.1.2 0.118ms !H 1: 192.168.1.2 0.111ms !H Resume: pmtu 1500 What could be the problem?! It seems like it is trying to reach 192.168.1.2 through the wrong ethernet port.. Ping is fast: rtt min/avg/max/mdev = 0.111/0.115/0.121/0.004 ms – Simone Falcini Nov 06 '13 at 23:38
  • Umm, I face this issue on some machines. The good news is that it appears on one machine and not the others, even though all are on the same VLAN and the same switch. Not sure what the cause is; if you figure it out please let me know. – MohyedeenN Nov 07 '13 at 06:42
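The pieces spread across the answer and its comments (DNAT port forwards, MASQUERADE for outbound browsing, ip_forward) fit together into one ruleset. The script below is an added example, not part of the original answer, built for the interface layout the question gives (eth0 public, eth1 on 192.168.1.0/24). It assumes the web server is 192.168.1.2 and the MySQL server is 192.168.1.3 as stated in the question; the rule text is emitted for review first and only executed when RUN=1, and the FORWARD chain is given a DROP policy with explicit accepts, so a forwarded packet is only passed if a rule names it (the bare DNAT/MASQUERADE rules in the answer rely on FORWARD being ACCEPT by default):

```sh
#!/bin/sh
# Added example: NAT gateway ruleset for the two-interface Ubuntu box in the
# question. Interface names, networks and host addresses come from the page;
# everything else (the FORWARD policy, conntrack accepts) is this example's
# own choice. Run without arguments to print the rules, RUN=1 to apply them.

WAN_IF="eth0"               # public side, 212.83.10.10/32 on the page
LAN_IF="eth1"               # internal side, 192.168.1.1/24 on the page
LAN_NET="192.168.1.0/24"

# Port forwards as "public_port internal_ip internal_port", one per line.
# 80 -> 192.168.1.2 and 3306 -> 192.168.1.3 are the two the question lists.
FORWARDS="
80 192.168.1.2 80
3306 192.168.1.3 3306
"

base_rules() {
    # Routing between eth0 and eth1 is off until ip_forward is set (the
    # comment in the answer points this out).
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny for forwarded traffic; the rules below open only what is
    # needed. INPUT/OUTPUT (traffic to the gateway itself) are left alone here.
    echo "iptables -P FORWARD DROP"
    # Replies to anything the gateway already allowed, in either direction.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # NOTE: the default route must point at the eth0 gateway (62.x.x.x on the
    # page), not at anything on eth1; verify with 'ip route' or 'route -n'.
}

dnat_rules() {
    printf '%s\n' "$FORWARDS" | while read -r pub ip port; do
        [ -n "$pub" ] || continue
        # Match only on the public interface, so the same port on the LAN side
        # is not silently rewritten as well.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $pub -j DNAT --to-destination $ip:$port"
        # The translated packet still traverses FORWARD; allow exactly that flow.
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

snat_rules() {
    # Outbound browsing for the LAN: rewrite the source to eth0's address.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT"
}

# Complete ruleset, in the order it must be applied.
all_rules() {
    base_rules
    dnat_rules
    snat_rules
}

if [ "${RUN:-0}" = "1" ]; then
    # Apply each emitted command; eval keeps the quoting identical to the printout.
    all_rules | while read -r cmd; do
        eval "$cmd"
    done
else
    all_rules
fi
```

Review the printed rules first (`sh nat-gateway.sh`), then apply with `RUN=1 sh nat-gateway.sh` as root. Because the PREROUTING rules carry `-i eth0`, a connection from 192.168.1.2 to 192.168.1.1:80 is not rewritten, and because FORWARD defaults to DROP, a forwarded port that is not in FORWARDS is refused by the gateway rather than reaching the internal host.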