  1. #1
    Just Joined! mibrahim's Avatar
    Join Date
    Aug 2011
    Posts
    9

    iptable nat problem


    Hi all
    I used Linux as a router, firewall, DNS (OpenDNS), DHCP and cache server. I created 4 additional virtual Ethernet ports to split network hosts. Linux MASQUERADE hides the public IP of servers attacking my servers. If I disable MASQUERADE, some services do not work. How can I enable my servers to know the IP of servers or users attacking my servers, which are behind the Linux firewall?


    -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.60:3128
    -A PREROUTING -p udp -m udp --dport 80 -j DNAT --to-destination 192.168.1.60:3128
    -A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.60:53
    -A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.60:53



    -A POSTROUTING -o eth0 -j MASQUERADE


    Please help me

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    My first question: are the above rules for services that are hosted on the router/firewall? If they are, then you should be using REDIRECT instead of DNAT in your PREROUTE rules.

    Another thing: you do not need separate rules for UDP and TCP when using the same port. One rule that matches just the port will do, like the following:

    Code:
    -A PREROUTING --dport 80 -j .....
    -A PREROUTING --dport 53 -j .....
    This will match all traffic on port 80 or 53 and do what you want done.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
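
An added example, not part of either post: a small Python check that reads nat rules like those in the question and reports which DNAT targets will see the router's address instead of the client's, because an unscoped MASQUERADE/SNAT rule applies on the interface leading to them. It also flags `--dport` rules that carry no `-p`. The mapping of eth0 to 192.168.1.0/24 is an assumption, since the thread does not say which interface faces the LAN.

```python
import ipaddress
import shlex

# nat-table rules as posted in the question.
RULES = """\
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.60:3128
-A PREROUTING -p udp -m udp --dport 80 -j DNAT --to-destination 192.168.1.60:3128
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.60:53
-A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.60:53
-A POSTROUTING -o eth0 -j MASQUERADE
"""
# ASSUMPTION (the thread does not say): eth0 faces the 192.168.1.0/24 LAN.
IFACE_NETS = {"eth0": "192.168.1.0/24"}

def load(text):
    """Parse '-A CHAIN ...' lines into dicts of {option: value}."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        rule = {"chain": tok[1], "raw": line.strip()}
        rule.update({o: v for o, v in zip(tok[2:], tok[3:]) if o.startswith("-")})
        rules.append(rule)
    return rules

def missing_proto(text):
    """Rules using --dport/--sport without -p, which iptables rejects."""
    return [r["raw"] for r in load(text)
            if ("--dport" in r or "--sport" in r) and "-p" not in r]

def hidden_sources(text, iface_nets):
    """DNAT targets that will log the router's address instead of the client's."""
    rules, found = load(text), []
    for post in rules:
        if post["chain"] != "POSTROUTING" or post.get("-j") not in ("MASQUERADE", "SNAT"):
            continue
        if "-s" in post or "-d" in post or post.get("-o", "") not in ("", *iface_nets):
            continue  # scoped by address, or no subnet known for the interface
        net = ipaddress.ip_network(iface_nets[post["-o"]]) if "-o" in post else None
        for r in rules:
            if r["chain"] == "PREROUTING" and r.get("-j") == "DNAT":
                host = r["--to-destination"].split(":")[0]
                if net is None or ipaddress.ip_address(host) in net:
                    found.append((host, r.get("--dport"), post["raw"]))
    return found

if __name__ == "__main__":
    print(*hidden_sources(RULES, IFACE_NETS), sep="\n")
```

When it reports a target, the usual fix is to limit the MASQUERADE rule to traffic leaving the Internet-facing interface, so forwarded connections keep their original source address.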
