Re: iptables NAT routing (LAN -> public IP of WAN interface -> LAN again)



Jody wrote:
> I have Linux kernel 2.6.10 set up with iptables to do network address
> translation routing for computers on a LAN, with port forwarding for a
> couple of servers. I cannot access the public IP from behind the router
> in the same fashion as if I was accessing it at a remote location (i.e.
> like a customer) whereas when there was a home router in the same spot I
> could do so. The home router was not extensible enough, and is not an
> answer. What kind of rules would I need to use for iptables to tell it
> to route packets from LAN computers destined for the IP of the WAN
> interface the same way as if they were from external systems? I need
> internal requests to the public IP to port-forward by the same rules
> that outside requests are.
>
> I can't post the contents of my configuration script at this time. I
> apologize for that.
>
> TIA for any help.
>
> Jody

IPT=/sbin/iptables
if [ ! -x "$IPT" ]; then
    echo "firewall: can't execute $IPT"
    exit 1
fi

###########################################################################
# #
TRILLIANE0="123.456.789.012"
# #
###########################################################################

###########################################################################
# #
# Change these assignments to conform to your network architecture. #
EXTDEV0=ppp0
EXTIP0="$TRILLIANE0"
# #
###########################################################################

###########################################################################
# #
# SOURCE NAT #
# #
###########################################################################
# #
# If anything leaves our LAN going to Internet (EXTIP0, ppp0), make it #
# appear it came from this firewall machine; i.e., give it our routable #
# IP address. #
$IPT -t nat -A POSTROUTING -o $EXTDEV0 -j SNAT --to-source $EXTIP0
# #
###########################################################################

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 23:50:00 up 12 days, 10:20, 3 users, load average: 4.21, 4.11, 4.11
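
The SNAT rule above matches only traffic leaving through ppp0; a LAN client that connects to the public IP is sent back out the LAN interface, so that path needs its own DNAT and SNAT pair. The following is an added example, not part of the original post: the function name `hairpin_rules`, the addresses, and the forwarded port are all assumed sample values.

```shell
#!/bin/sh
# Added example: hairpin NAT (NAT loopback) for one forwarded port.
# Every address used here is a constructed sample value.
IPT=${IPT:-/sbin/iptables}

# hairpin_rules EXTIP LAN_NET ROUTER_LAN_IP SERVER_IP PROTO PORT
# Prints the iptables commands instead of running them, so they can be
# reviewed first; pipe the output to "sh" as root to apply.
hairpin_rules() {
    extip=$1 lan_net=$2 lan_ip=$3 server=$4 proto=$5 port=$6

    # Refuse incomplete input rather than emit a rule with an empty match.
    for v in "$extip" "$lan_net" "$lan_ip" "$server" "$proto" "$port"; do
        [ -n "$v" ] || { echo "hairpin_rules: missing argument" >&2; return 1; }
    done
    case $proto in
        tcp|udp) ;;
        *) echo "hairpin_rules: proto must be tcp or udp" >&2; return 1 ;;
    esac
    case $port in
        *[!0-9]*) echo "hairpin_rules: port must be numeric" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "hairpin_rules: port out of range" >&2; return 1; }

    # 1. Port-forward on the destination address, not on "-i ppp0", so the
    #    rule also matches packets that arrive from the LAN side.
    echo "$IPT -t nat -A PREROUTING -d $extip -p $proto --dport $port" \
         "-j DNAT --to-destination $server:$port"

    # 2. Rewrite the source of LAN-to-server packets to the router's LAN
    #    address. Without this the server answers the client directly and
    #    the client drops the reply, because it came from an address the
    #    client never contacted.
    echo "$IPT -t nat -A POSTROUTING -s $lan_net -d $server -p $proto" \
         "--dport $port -j SNAT --to-source $lan_ip"

    # 3. Let the forwarded flow through if the FORWARD policy is DROP.
    echo "$IPT -A FORWARD -d $server -p $proto --dport $port" \
         "-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPT -A FORWARD -s $server -p $proto --sport $port" \
         "-m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Sample call: public 203.0.113.5, LAN 192.168.1.0/24, router 192.168.1.1,
# web server 192.168.1.10 on TCP port 80.
hairpin_rules 203.0.113.5 192.168.1.0/24 192.168.1.1 192.168.1.10 tcp 80
```

With rule 2 in place the server's logs show the router's LAN address for every internal client, so access logs on that server no longer tell LAN hosts apart.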