How to apply a NAT with source restrictions at iptables
I have a computer with two interfaces (eth0 and eth1). eth0 is connected to a local network and eth1 is connected to the internet; it also implements NAT on the interface eth1. Nevertheless, I'm trying to create spoofed packets with raw sockets on the computer that runs the NAT and send the packets to the interface eth1. The problem is that the NAT is changing the source IP to the real one before sending the packets.
So, does anyone have any idea how I can implement the NAT on eth1 but only apply the NAT to the packets that are from/to eth0?
I was thinking of something like (I am really a newbie with iptables):
iptables -t nat -A POSTROUTING -o eth1 -i eth0 -j MASQUERADE
Well, it didn't work.
These should be the basic commands that set up a working NAT forwarding for port 22 (ssh):
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to 192.168.1.2
iptables -A FORWARD -i eth0 -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
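
The POSTROUTING rule in the question pairs -i eth0 with a chain where, per the iptables(8) man page, the input interface cannot be matched (-i is valid only in INPUT, FORWARD and PREROUTING; -o only in FORWARD, OUTPUT and POSTROUTING). The following is an added example, not code from either poster: a small lint with a hypothetical function name, check_iface_match, that flags this mismatch and is run over the three rules quoted in the thread.

```shell
#!/bin/sh
# Added example: lint an iptables rule for interface matches its chain cannot see.
# Per iptables(8): -i/--in-interface applies only in INPUT, FORWARD, PREROUTING;
#                  -o/--out-interface applies only in FORWARD, OUTPUT, POSTROUTING.

# check_iface_match "<rule text>"   (hypothetical helper name)
# Prints "ok" or a diagnostic; returns 0 if the rule is consistent, 1 otherwise.
check_iface_match() {
    chain="" has_in=0 has_out=0 prev=""
    # Split the rule text into words with globbing disabled.
    set -f; set -- $1; set +f
    for word in "$@"; do
        # The word following -A/-I/-C/-D is the chain name.
        case "$prev" in
            -A|-I|-C|-D|--append|--insert|--check|--delete) chain="$word" ;;
        esac
        case "$word" in
            -i|--in-interface)  has_in=1 ;;
            -o|--out-interface) has_out=1 ;;
        esac
        prev="$word"
    done
    if [ -z "$chain" ]; then
        echo "no chain found in rule"; return 1
    fi
    case "$chain" in
        OUTPUT|POSTROUTING)
            if [ "$has_in" -eq 1 ]; then
                echo "$chain: -i is not valid here (input interface only in INPUT, FORWARD, PREROUTING)"
                return 1
            fi ;;
        INPUT|PREROUTING)
            if [ "$has_out" -eq 1 ]; then
                echo "$chain: -o is not valid here (output interface only in FORWARD, OUTPUT, POSTROUTING)"
                return 1
            fi ;;
    esac
    echo "ok"
}

# Rules quoted from the thread: the question's rule, then the two from the reply.
while IFS= read -r rule; do
    printf '%s\n  -> %s\n' "$rule" "$(check_iface_match "$rule")"
done <<'EOF'
iptables -t nat -A POSTROUTING -o eth1 -i eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to 192.168.1.2
iptables -A FORWARD -i eth0 -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
EOF
```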