iptables - problem with forwarding traffic

Hello,

I am new to iptables but comfortable with Linux.
I setup a RHAS3 with 2 NICs, one connected to internet with real IP
and the other connected to my local LAN. I have modified the
ip_forwarding file content and issued the iptables line below

iptables -t nat -A -POSTROUTING -s internal.ip/internal.mask -o ethx
-j SNAT --to-source external.ip

which allowed my to allow my local users use this box as a gateway to
internet.

My next topic is how to set up web/mail/ftp etc servers locally, and
by assigning other real IP's and making proper forwarding so that
these servers would server both local and non-local internet users.

In summary here is what I neet to do but have no clue ;

1 - assigning several secondary IP's onto the public NIC
2 - issuing apropriate iptables command so that the traffic of each of
these secondary real IP's would be forwarded directly to seperate
local IP's, regardless of the port etc. details of the traffic.

Regards thanks for all kind of help.

Sanal Kisi wrote:

> Hello,
>
> I am new to iptables but comfortable with Linux.
> I setup a RHAS3 with 2 NICs, one connected to internet with real IP
> and the other connected to my local LAN. I have modified the
> ip_forwarding file content and issued the iptables line below
>
> iptables -t nat -A -POSTROUTING -s internal.ip/internal.mask -o ethx
> -j SNAT --to-source external.ip
>
> which allowed my to allow my local users use this box as a gateway to
> internet.
>
> My next topic is how to set up web/mail/ftp etc servers locally, and
> by assigning other real IP's and making proper forwarding so that
> these servers would server both local and non-local internet users.
>
> In summary here is what I neet to do but have no clue ;
>
> 1 - assigning several secondary IP's onto the public NIC
> 2 - issuing apropriate iptables command so that the traffic of each of
> these secondary real IP's would be forwarded directly to seperate
> local IP's, regardless of the port etc. details of the traffic.
>
> Regards thanks for all kind of help.


Hello

So you must do:

iptables -t nat -A PREROUTING -d realip(1) -p (tcp or udp or all) --dport
(service you want to forwart inside) -j DNAT --to (your local ip in
network)

If you want to forward all traffic (for some ip in lan) from internet to lan

iptables -t nat -A PREROUTING -d (real ip) -j DNAT --to (local lan ip)

You must remember that you must snat local lan ip to the same address used
for forward:


iptables -t nat -A PREROUTING -d 80.55.98.98 -j DNAT --to 192.168.0.2
iptables -t nat -A POSTROUTING -s 192.168.0.2 -j SNAT --to 80.55.98.98

Thanks a lot.

It worked like a charm.

I've done the urgent part of my job, now its time for me to start
learning the depths of IPTABLES, if I can :-)

Best regards.