  1. #1
    Just Joined!
    Join Date
    Dec 2007
    Posts
    14

    iptables - DNAT / ARP issues



    Hello, can someone please tell me how to make my Linux firewall respond to ARP requests when configured for DNAT?


    -A PREROUTING -d <<public-ip>> -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10
    -A PREROUTING -d <<public-ip>> -i eth1 -p icmp -j DNAT --to-destination 192.168.1.10
    -A PREROUTING -d <<public-ip>> -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.1.10
    -A PREROUTING -d <<public-ip>> -p tcp -m tcp --dport 20:21 -j DNAT --to-destination 192.168.1.10


    Thanks,
    Vikram

  2. #2
    Just Joined!
    Join Date
    Jun 2008
    Location
    India, Kolkata
    Posts
    10

    iptables - DNAT / ARP issues

    hi,

    Did you configure your Linux box as a router?

    Please check the file /etc/sysctl.conf,

    and verify net.ipv4.ip_forward = 1
    [Default value is 0]


    --
    Swagato
    Last edited by devils casper; 06-19-2008 at 08:56 AM. Reason: link removed

  3. #3
    Just Joined!
    Join Date
    Dec 2007
    Posts
    14

    iptables - DNAT / ARP issues

    I did configure the box as a Linux router; the routing and SNAT are working perfectly fine except for the DNAT.


    When a request comes in from the internet for the DNAT IP address, all I can see in "tcpdump" is an ARP request for who-has x.x.x.x, and the firewall does not respond to that.

    Thanks,
    Vikram

  5. #4
    Just Joined!
    Join Date
    Jun 2008
    Location
    India, Kolkata
    Posts
    10


    Please send me the last 20 lines of your log file /var/log/messages, just after the remote request.



    -- Swagato
    Last edited by devils casper; 06-19-2008 at 08:56 AM. Reason: link removed

  6. #5
    Just Joined!
    Join Date
    Dec 2007
    Posts
    14
    I think I found the solution.

    Need to execute the following commands:

    ip route add nat <<public ip>> via 192.168.1.10
    ip rule add nat <<public ip>> from 192.168.1.10

    Below are the links that give a clear explanation of the issues with DNAT & ARP:

    5.5. Destination NAT with netfilter (DNAT)


    5.3. Stateless NAT with iproute2
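The check below is an added example, not code from the thread: it parses `iptables-save -t nat` and `ip -4 -o addr show` output and lists DNAT destinations that no local interface owns, which is exactly the condition behind the unanswered ARP requests seen in post #3 (the kernel only answers ARP for addresses it holds; a nat-table rule alone does not claim the address). The rule and address text embedded here is constructed sample data using RFC 5737 documentation addresses.

```shell
#!/bin/sh
# Added example: report DNAT targets in nat/PREROUTING whose destination
# address is not configured on any local interface. Such targets never get
# an ARP reply, so the upstream router cannot deliver the packet and the
# DNAT rule is never hit.

# Constructed sample of `iptables-save -t nat` output.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 203.0.113.11/32 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.1.10
COMMIT'

# Constructed sample of `ip -4 -o addr show` output: only .11 is bound locally.
SAMPLE_ADDRS='2: eth1    inet 203.0.113.11/24 brd 203.0.113.255 scope global eth1
3: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0'

# Print the destination address of every DNAT rule in PREROUTING, one per line.
dnat_targets() {
    printf '%s\n' "$1" | awk '
        /^-A PREROUTING/ && / -j DNAT / {
            for (i = 1; i <= NF; i++)
                if ($i == "-d") { sub(/\/.*/, "", $(i+1)); print $(i+1) }
        }' | sort -u
}

# Print every locally configured IPv4 address, one per line (prefix length stripped).
local_addrs() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i <= NF; i++)
              if ($i == "inet") { sub(/\/.*/, "", $(i+1)); print $(i+1) } }' | sort -u
}

# Print each DNAT destination that is not a local address: these get no ARP reply.
unanswered_dnat() {
    rules=$1
    addrs=$2
    for ip in $(dnat_targets "$rules"); do
        if ! local_addrs "$addrs" | grep -qx "$ip"; then
            echo "$ip"
        fi
    done
}

unanswered_dnat "$SAMPLE_RULES" "$SAMPLE_ADDRS"   # prints 203.0.113.10
```

On a live firewall, call `unanswered_dnat "$(iptables-save -t nat)" "$(ip -4 -o addr show)"`; any address it prints is a DNAT target the host will not answer ARP for.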
