  1. #1
    Just Joined!
    Join Date
    Jul 2010
    Posts
    6

    How to apply a NAT with source restrictions at iptables


    Hi all,

    I have a computer with two interfaces (eth0 and eth1). eth0 is connected to a local network and eth1 is connected to the internet, and it also implements a NAT on the interface eth1. Nevertheless, I'm trying to create spoofed packets with raw sockets on the computer that runs the NAT and send the packets to the interface eth1. The problem is that the NAT is changing the source IP to the real one before sending the packets.
    So, does anyone have any idea how I can implement the NAT on eth1 but only apply the NAT to the packets that are from/to eth0?

    I was thinking of something like (I am a real newbie with iptables):
    iptables -t nat -A POSTROUTING -o eth1 -i eth0 -j MASQUERADE
    Well, it didn't work.

    Regards
    Pedro Paganela

  2. #2
    Linux Engineer Kloschüssel
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    These should be the basic commands that set up a working NAT forwarding for port 22 (ssh):

    Code:
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT  --to 192.168.1.2
    iptables        -A FORWARD -i eth0 -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
    You can specify the output interface with the -o option as you already posted. Just find the right spot where to put it. I never used it, so just find it out.
