IPTables port forwarding with dynamic ip address

Hi all,

I have the following rule used to port forward a port to an internal
host:

WAN = eth<X>

EXTERNALIP = <HARD CODED VALUE IN SCRIPT >

iptables -t -nat -A PREROUTING -p tcp -i ${WAN} -d ${EXTERNALIP} --
dport 8022 -j DNAT --to 192.168.1.X:<PORT>

If i miss out the -d ${EXTERNALIP} argument i cannot get the rule to
work. Unfortunately, the internface eth<X> is assigned a dynamic IP
address at random intervals. I am currently using dhcp to control the
interface.

Obviously when the IP changes, the ${EXTERNALIP} argument is
incorrect. Could anyone recommend, a way that i may be able to tie
this to the interface rather than the ip address. All my attempts have
failed, and im sure this could probably be done?

Any ideas, thanks in advance again for all your help.

David

David wrote:
> Hi all,
>
> I have the following rule used to port forward a port to an internal
> host:
>
> WAN = eth<X>
>
> EXTERNALIP = <HARD CODED VALUE IN SCRIPT >
>
> iptables -t -nat -A PREROUTING -p tcp -i ${WAN} -d ${EXTERNALIP} --
> dport 8022 -j DNAT --to 192.168.1.X:<PORT>
>
> If i miss out the -d ${EXTERNALIP} argument i cannot get the rule to
> work. Unfortunately, the internface eth<X> is assigned a dynamic IP
> address at random intervals. I am currently using dhcp to control the
> interface.
>
> Obviously when the IP changes, the ${EXTERNALIP} argument is
> incorrect. Could anyone recommend, a way that i may be able to tie
> this to the interface rather than the ip address. All my attempts have
> failed, and im sure this could probably be done?
>
> Any ideas, thanks in advance again for all your help.
>
> David
>
You need to run your rule when the IP address is assigned. In my
distribution (Debian), that means putting a little script in the directory:

/etc/dhcp3/dhclient-exit-hooks.d

where the variable $new_ip_address will contain the new IP address.
Details are in "man dhclient-script". No doubt your distribution has
some similar arrangement.

Robert

On 6 Jun, 11:28, Robert Harris <robert.f.har...@blueyonder.co.uk>
wrote:
> David wrote:
> > Hi all,
>
> > I have the following rule used to port forward a port to an internal
> > host:
>
> > WAN = eth<X>
>
> > EXTERNALIP = <HARD CODED VALUE IN SCRIPT >
>
> > iptables -t -nat -A PREROUTING -p tcp -i ${WAN} -d ${EXTERNALIP} --
> > dport 8022 -j DNAT --to 192.168.1.X:<PORT>
>
> > If i miss out the -d ${EXTERNALIP} argument i cannot get the rule to
> > work. Unfortunately, the internface eth<X> is assigned a dynamic IP
> > address at random intervals. I am currently using dhcp to control the
> > interface.
>
> > Obviously when the IP changes, the ${EXTERNALIP} argument is
> > incorrect. Could anyone recommend, a way that i may be able to tie
> > this to the interface rather than the ip address. All my attempts have
> > failed, and im sure this could probably be done?
>
> > Any ideas, thanks in advance again for all your help.
>
> > David
>
> You need to run your rule when the IP address is assigned. In my
> distribution (Debian), that means putting a little script in the directory:
>
> /etc/dhcp3/dhclient-exit-hooks.d
>
> where the variable $new_ip_address will contain the new IP address.
> Details are in "man dhclient-script". No doubt your distribution has
> some similar arrangement.
>
> Robert- Hide quoted text -
>
> - Show quoted text -

Hi, just wanted to say thanks. That is definately what im looking
for.

Thanks for the help