iptables problem

 
 
Jozza
02-02-2005, 12:03 PM
Hi,

If I call my own computer through a global internet address, the source IP
address is always a local address of my router. Why?
Below is the script on my router:

echo 0 > /proc/sys/net/ipv4/ip_forward
$iptables -t nat -F POSTROUTING
$iptables -t nat -F PREROUTING
$iptables -t nat -F OUTPUT
$iptables -F
$iptables -P INPUT DROP
$iptables -P FORWARD DROP
$iptables -P OUTPUT DROP
$iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# input chain Administrator and linux itself
$iptables -A INPUT -s 192.168.10.1/24 -i eth1 -j ACCEPT
$iptables -A INPUT -s 127.0.0.1 -j ACCEPT
# leave established connections intact
$iptables -A INPUT -i eth0 -m state --state ESTABLISHED -j ACCEPT  # eth0 = internet
# accept ping
$iptables -A INPUT -p icmp -j ACCEPT
# accept all connections from our local interface NIC
$iptables -A FORWARD -j ACCEPT -i eth1 -s 192.168.10.1/24  # eth1 = LAN
# masquerade all outgoing local source addresses
$iptables -t nat -A POSTROUTING -s 192.168.10.1/24 -j MASQUERADE

# SMTP
$iptables -A FORWARD -j ACCEPT -p tcp --dport 25
$iptables -t nat -A PREROUTING -d 10.20.30.40 -p tcp --dport 25 -j DNAT --to 192.168.10.101:25
# enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

If I telnet to 10.20.30.40 on port 25 from 192.168.10.101, the source IP that
192.168.10.101 receives is 192.168.10.100, which is the router's IP address.

Another problem that is somehow connected to the first one:

If I want to route an incoming connection on an eth0 that is connected to
the internet, to another address on the internet, that destination does not
receive the source IP address. Instead it receives the local address of its
router as a source address. How can I fix this?


The script on that other router is different only by these lines:

# SMTP
$iptables -A FORWARD -j ACCEPT -p tcp --dport 25
$iptables -t nat -A PREROUTING -d 10.20.30.41 -p tcp --dport 25 -j DNAT --to 10.20.30.40:25

Thanks for any help,
J.
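
The rule walk behind the first symptom, as an added example that is not part of the original post: a simplified Python model of the two nat-table rules in the first script (no conntrack, no filter table). It assumes 10.20.30.40 is the router's eth0 address and that LAN destinations are routed out eth1; `masq_out_iface` is a hypothetical parameter standing for an `-o` match on the MASQUERADE rule.

```python
import ipaddress
from dataclasses import dataclass, replace

LAN = ipaddress.ip_network("192.168.10.0/24")  # the post writes it as 192.168.10.1/24
# eth1 address is from the post; eth0 address is an assumption (the DNAT target match)
ROUTER_ADDR = {"eth0": "10.20.30.40", "eth1": "192.168.10.100"}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def out_iface(dst):
    # Simplified routing decision: LAN destinations leave via eth1, the rest via eth0.
    return "eth1" if ipaddress.ip_address(dst) in LAN else "eth0"

def prerouting(pkt):
    # -t nat -A PREROUTING -d 10.20.30.40 -p tcp --dport 25 -j DNAT --to 192.168.10.101:25
    if pkt.dst == "10.20.30.40" and pkt.dport == 25:
        return replace(pkt, dst="192.168.10.101")
    return pkt

def postrouting(pkt, masq_out_iface=None):
    # -t nat -A POSTROUTING -s 192.168.10.1/24 [-o IFACE] -j MASQUERADE
    # MASQUERADE rewrites the source to the address of the outgoing interface.
    oif = out_iface(pkt.dst)
    in_lan = ipaddress.ip_address(pkt.src) in LAN
    if in_lan and masq_out_iface in (None, oif):
        return replace(pkt, src=ROUTER_ADDR[oif])
    return pkt

def traverse(pkt, masq_out_iface=None):
    # DNAT happens before routing, so POSTROUTING sees the rewritten destination.
    return postrouting(prerouting(pkt), masq_out_iface)

if __name__ == "__main__":
    cases = {  # constructed sample packets
        "LAN host to public IP": Packet("192.168.10.101", "10.20.30.40", 25),
        "internet client to public IP": Packet("203.0.113.7", "10.20.30.40", 25),
        "LAN host to internet": Packet("192.168.10.55", "198.51.100.9", 80),
    }
    for name, pkt in cases.items():
        print(name)
        print("  rule as posted :", traverse(pkt))
        print("  with -o eth0   :", traverse(pkt, masq_out_iface="eth0"))
```

With the rule restricted to `-o eth0`, the LAN-to-LAN packet keeps its real source, but the server's replies then go straight to the client instead of back through the router, so the rewrite is what keeps this loopback connection working.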



 