Hi,
If I call my own computer through a global internet address, the source IP address is always a local address of my router. Why? Below is the script on my router:

    echo 0 > /proc/sys/net/ipv4/ip_forward

    $iptables -t nat -F POSTROUTING
    $iptables -t nat -F PREROUTING
    $iptables -t nat -F OUTPUT
    $iptables -F

    $iptables -P INPUT DROP
    $iptables -P FORWARD DROP
    $iptables -P OUTPUT DROP

    $iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # input chain Administrator and linux itself
    $iptables -A INPUT -s 192.168.10.1/24 -i eth1 -j ACCEPT
    $iptables -A INPUT -s 127.0.0.1 -j ACCEPT

    # leave established connections intact (eth0 = internet)
    $iptables -A INPUT -i eth0 -m state --state ESTABLISHED -j ACCEPT

    # accept ping
    $iptables -A INPUT -p icmp -j ACCEPT

    # accept all connections from our local interface NIC (eth1 = LAN)
    $iptables -A FORWARD -j ACCEPT -i eth1 -s 192.168.10.1/24

    # masquerade all outgoing local source addresses
    $iptables -t nat -A POSTROUTING -s 192.168.10.1/24 -j MASQUERADE

    # SMTP
    $iptables -A FORWARD -j ACCEPT -p tcp --dport 25
    $iptables -t nat -A PREROUTING -d 10.20.30.40 -p tcp --dport 25 -j DNAT --to 192.168.10.101:25

    # enable forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward

If I telnet to 10.20.30.40 on port 25 from 192.168.10.101, the source IP that 192.168.10.101 receives is 192.168.10.100, which is the router's IP address.

Another problem that is somehow connected to the first one: if I want to route an incoming connection on an eth0 that is connected to the internet to another address on the internet, that destination does not receive the source IP address. Instead it receives the local address of its router as a source address. How to fix this?

The script on that other router is different only by these lines:

    # SMTP
    $iptables -A FORWARD -j ACCEPT -p tcp --dport 25
    $iptables -t nat -A PREROUTING -d 10.20.30.41 -p tcp --dport 25 -j DNAT --to 10.20.30.40:25

Thanks for any help,
J. Jozza
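
The packet path through the nat rules in the post above, as an added Python model that is not part of the original post: it applies the posted DNAT and MASQUERADE rules to a connection and returns the source address the SMTP host sees. Assumptions: 10.20.30.40 is the router's eth0 address, 203.0.113.5 is a constructed outside client, `masq_out_if` models a hypothetical `-o` match on the MASQUERADE rule, and the filter table is not modelled.

```python
import ipaddress
from dataclasses import dataclass, replace

# -s 192.168.10.1/24 is normalised by iptables to this network
LAN = ipaddress.ip_network("192.168.10.0/24")
# eth1 address is from the post; the eth0 address is an assumption
IFACE_ADDR = {"eth0": "10.20.30.40", "eth1": "192.168.10.100"}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def out_interface(dst):
    """Routing decision: LAN destinations leave via eth1, the rest via eth0."""
    return "eth1" if ipaddress.ip_address(dst) in LAN else "eth0"

def traverse(pkt, masq_out_if=None):
    """Apply the post's nat rules. masq_out_if=None is the rule as posted;
    a name models a hypothetical '-o IFACE' match on the MASQUERADE rule."""
    # PREROUTING: -d 10.20.30.40 -p tcp --dport 25 -j DNAT --to 192.168.10.101:25
    if pkt.dst == "10.20.30.40" and pkt.dport == 25:
        pkt = replace(pkt, dst="192.168.10.101")
    out_if = out_interface(pkt.dst)
    # POSTROUTING: -s 192.168.10.1/24 -j MASQUERADE (source becomes out_if's address)
    if ipaddress.ip_address(pkt.src) in LAN and masq_out_if in (None, out_if):
        pkt = replace(pkt, src=IFACE_ADDR[out_if])
    return pkt, out_if

def source_seen(client, masq_out_if=None):
    """Source address the SMTP host sees when client connects to 10.20.30.40:25."""
    pkt, _ = traverse(Packet(client, "10.20.30.40", 25), masq_out_if)
    return pkt.src

if __name__ == "__main__":
    for client in ("192.168.10.101", "203.0.113.5"):  # LAN host, constructed outside host
        print(client, "as posted ->", source_seen(client),
              "| with -o eth0 ->", source_seen(client, "eth0"))
```

In the model, the LAN client's address is rewritten only because the MASQUERADE rule matches on source alone and the DNATed packet leaves again through eth1. With the rule limited to `-o eth0` the address is preserved, but the LAN host then replies directly to the LAN client without passing the router, so the translation is not reversed on the return path.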