How to configure NAT?

[MainFrame185]

Good day,

I recently inherited a Debian Sarge network when I took a new job. Unfortunately, the previous system administrator didn’t document anything and I am having a great deal of difficulty figuring out what is what. I am a trained Solaris administrator, so I am very familiar with the UNIX kernel, but I am inexperienced with using Linux.

I need to set up network address translation, or better yet port address translation, via my Debian router so remote users can access a MS Windows Terminal Server behind the Linux router that has a private IP address assigned to it. The Debian router is configured to provide Internet access to all of the Windows PCs and servers.

I have been unable to find a comprehensive “How To” guide using Google and other Internet search engines.

Any assistance anyone could provide would be greatly appreciated.

[rcgreen]

First step should be the IP Masquerade Howto

http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/

[MainFrame185]

Wow... That's quite a document, but serious overkill for what I need to do. IPTABLES has been configured on my Debian router. What I really need is a "How to" on what I need to do to enable remote users to access my Terminal Server with a private IP address via the Internet using my Debian router as the gateway. I have done this before, using dedicated routers and firewalls like WatchGuard Fireboxes. It was a really simple process with a GUI. I can't believe I need to compile stuff and do a whole bunch of complicated tasks to accomplish this very simple thing.

Help!

[swjunke]

Your debian box is using IPTABLES if what you say about it being previously setup. The reason you were pointed to that url was because you need to know about that if you want to get your job done. IPTables is similiar to IPFilters on Solaris. Rules set is different. If you want a quick how-to google on iptables and debian, etc. The IPTables are probably already installed so the compiling you shouldn't have to worry about.

[MainFrame185]

I knew there was a simple solution for this problem. The only issue is the correct syntax, which I really had to dig for:

Code:

iptables -t nat -A PREROUTING -d A.B.C.D -p tcp --dport 3389 -j DNAT --to 10.10.0.15

Where A.B.C.D is the public IP address I wanted to map to the private IP address of my Microsoft Terminal server (10.10.0.15). It was also necessary to assign the public IP address as a global secondary address on one of the Ethernet interfaces on my Debian router. You can temporarily assign this address using the

Code:

ip addr add

command, but once you have it working you will have to edit the

Code:

/etc/network/interfaces

file and add a static entry.

This works very well, but I can't believe how troublesome it was to find a solution for a very simple problem. The best help on iptables syntax was found at:

http://yolinux.com/TUTORIALS/LinuxTu...rkGateway.html