Find the answer to your Linux question:
Results 1 to 4 of 4
I'll try again here ;p Posted in the other section but no answer.. either nobody knows or it's because it was in the wrong Section. I'm looking for some IPTables ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Nov 2005
    Posts
    15

    IPTables & Forwarding


    I'll try again here ;p
    Posted in the other section but no answer.. either nobody knows or it's because it was in the wrong Section.

    I'm looking for some IPTables rules. Examples.. to guide me tru my little problem.

    Situation is rather simple :

    Linux router/server with 3 NIC. 2 NIC to internet and 1 for LAN.
    I am trying to share the bandwidth by forwarding some ports tru an INTERFACE (if it was to a static IP.. easy... i know -SNAT/DNAT), simply because both Internet connection uses DHCP to get an ip... and sometimes they can change. or a reboot, then i gotta modify manually the IPs in the firewall script...

    If i had Static IPs my life would be SO much easier ehehhe.

    So i'm wondering if there is some ppl that could give me some hints.

    I was thinking of some POSTROUTING rule... but SNAT/DNAT --to only works with mentionning an IP... not an interface.

    I don't know... i have no idea here...
    thx for any help/ideas.

  2. #2
    Just Joined! srerucha's Avatar
    Join Date
    Jun 2005
    Location
    Brno, Czech republic
    Posts
    58

    target MASQUERADE instead of SNAT

    Look for target MASQUERADE instead of SNAT in iptables' manual.

    Excerpt from ''man iptables'' :

    MASQUERADE
    This target is only valid in the nat table, in the POSTROUTING chain.
    It should only be used with dynamically assigned IP (dialup) connec-
    tions: if you have a static IP address, you should use the SNAT target.
    Masquerading is equivalent to specifying a mapping to the IP address of
    the interface the packet is going out, but also has the effect that
    connections are forgotten when the interface goes down. This is the
    correct behavior when the next dialup is unlikely to have the same
    interface address (and hence any established connections are lost any-
    way). It takes one option:

    --to-ports port[-port]
    This specifies a range of source ports to use, overriding the
    default SNAT source port-selection heuristics (see above). This
    is only valid if the rule also specifies -p tcp or -p udp.

  3. #3
    Linux Guru
    Join Date
    May 2004
    Location
    forums.gentoo.org
    Posts
    1,817
    You might want to download 'Firestarter' which is a firewall manager program. It has some limitations, but I think it may be helpful.
    /IMHO
    //got nothin'
    ///this use to look better

  4. #4
    Just Joined!
    Join Date
    Nov 2005
    Posts
    15
    checked out firestarter at my friend's place... but couldn't see anywhere how firestarter was setting up the rules. Was trying to see some codes and stuff... and it's not the best thing to use.

    also, im not using X-Windows (the gfx interface), linux server in console mode only (the way it should be)

    I have read the man iptables (thx for the suggestion) many times...

    Still trying to find a way to send some ports tru an interface tho ;/

    open to suggestion... i need something that could lead me to the right path.. not the dark path <insert Star Wars theme Song> :P

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •