  1. #1

    iptable nat problem

    Hi all,
    I used Linux as a router, firewall, DNS (OpenDNS), DHCP and cache server. I created 4 additional virtual Ethernet ports to split network hosts. Linux MASQUERADE hides the public IP of servers attacking my servers; if I disable MASQUERADE, some services are not working. How can I enable my servers to know the IP of the servers or users attacking my servers, which are behind the Linux firewall?

    -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination
    -A PREROUTING -p udp -m udp --dport 80 -j DNAT --to-destination
    -A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination
    -A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination


    Please help me

  2. #2
    Lazydog (Linux Guru)
    My first question is: are the above rules for services that are hosted on the router/firewall? If they are, then you should be using REDIRECT instead of DNAT in your PREROUTING rules.

    Another thing: you do not need separate rules for UDP and TCP when using the same port. One rule that matches just the port will do, like the following:

    -A PREROUTING --dport 80 -j .....
    -A PREROUTING --dport 53 -j .....
    This will match all traffic on port 80 or 53 and do what you want done.

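The source-address loss described in the first post, and the REDIRECT-versus-DNAT distinction in the reply, as an added example that is not part of the thread: a dry-run iptables script (assumed interfaces eth0 and eth1 and a constructed internal web server 192.168.1.10) showing the masquerade rule that hides client IPs beside one restricted to the WAN side. Each rule names its protocol because the --dport option belongs to iptables' tcp and udp matches.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed (constructed) layout: eth0 faces
# the internet, eth1 is the LAN, and 192.168.1.10 is the internal web server.
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
WEB=${WEB:-192.168.1.10}

# Dry run by default: print each rule. Set APPLY=1 to load them for real.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then iptables "$@"; else echo "iptables $*"; fi
}

# The lossy layout: an unrestricted MASQUERADE also rewrites the source of
# packets forwarded to the web server, so its logs show only the firewall.
nat_rules_lossy() {
    ipt -t nat -A PREROUTING -i "$WAN" -p tcp --dport 80 -j DNAT --to-destination "$WEB"
    ipt -t nat -A POSTROUTING -j MASQUERADE
}

# The preserving layout:
#  - DNAT rewrites only the destination, so the client source survives.
#  - MASQUERADE applies only to traffic leaving on the WAN interface, the
#    one place a private source address must be hidden.
#  - Replies from the web server come back through this box because it is
#    the server's default gateway, so inbound flows need no SNAT.
#  - DNS served on the firewall itself uses REDIRECT (local port), not DNAT;
#    here it forces LAN clients' queries to the local resolver.
#  - --dport belongs to the tcp/udp match, so each rule names its protocol.
nat_rules_preserving() {
    ipt -t nat -A PREROUTING -i "$WAN" -p tcp --dport 80 -j DNAT --to-destination "$WEB"
    ipt -t nat -A PREROUTING -i "$LAN" -p udp --dport 53 -j REDIRECT --to-ports 53
    ipt -t nat -A PREROUTING -i "$LAN" -p tcp --dport 53 -j REDIRECT --to-ports 53
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
    ipt -A FORWARD -i "$WAN" -o "$LAN" -p tcp -d "$WEB" --dport 80 -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# True (exit 0) when a rule set contains a MASQUERADE rule that is not limited
# to the WAN interface, i.e. one that would also rewrite inbound client IPs.
hides_client_ip() {
    "$1" | grep MASQUERADE | grep -qv -- "-o $WAN"
}

for ruleset in nat_rules_lossy nat_rules_preserving; do
    if hides_client_ip "$ruleset"; then echo "$ruleset: web server sees only the firewall IP"
    else echo "$ruleset: web server sees the real client IP"; fi
done
```

Run without APPLY=1 to review the generated rules before loading them.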