I need to redirect network traffic using iptables.
I use this:
sysctl net.ipv4.ip_forward=1
service network restart
sudo iptables -t nat -A PREROUTING -p tcp -s 192.168.1.215 --dport 990 -j DNAT --to-destination {serverIp}:990
sudo iptables -t nat -A PREROUTING -p tcp -s {serverIp} --dport 990 -j DNAT --to-destination 192.168.1.215:990
iptables -t nat -A POSTROUTING -j MASQUERADE
* In Ubuntu it works.
Do you know what's wrong?
Thanks
iptables routing
Re: iptables routing
Are you sure you meant to use -s in both of those?
sudo iptables -t nat -A PREROUTING -p tcp -s 192.168.1.215 --dport 990 -j DNAT --to-destination {serverIp}:990
sudo iptables -t nat -A PREROUTING -p tcp -s {serverIp} --dport 990 -j DNAT --to-destination 192.168.1.215:990
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: iptables routing
Why two rules and why the blanket SNAT?
AFAIK, when A sends a packet to B and B redirects it to a new destination, C,
B retains the state of that connection so that replies from C will automatically be
relabeled with "from=B".
That assumes that C replies to A via B.
There is another part missing. B has received a packet. PREROUTING has
tampered with the packet, turning it into (from=A, to=C). Now comes routing. This packet is not
for B and thus B must forward it. The net.ipv4.ip_forward=1 allows forwarding.
Forwarded packets enter netfilter's FORWARD chain. The default setup has only
one rule in FORWARD and that is REJECT.
Re: iptables routing
Also service network restart resets that...
Code:
[root@centos7 ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
[root@centos7 ~]# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
[root@centos7 ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
[root@centos7 ~]# sc restart network
[root@centos7 ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
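As an added example (not from anyone in this thread), a small sh script that prints the rule set the two replies above point to: a single DNAT rule in PREROUTING keyed on the client, explicit FORWARD accepts inserted ahead of the default REJECT, SNAT limited to the forwarded flow instead of a blanket MASQUERADE, and ip_forward stored in a sysctl drop-in so a network restart does not reset it. The addresses 192.168.1.215 / 10.0.0.5, the interface eth0 and the drop-in path are constructed placeholders.

```shell
#!/bin/sh
# Dry-run generator: prints the iptables commands for box B so they can be
# reviewed before being run as root. All addresses below are constructed.

# $1 = client A, $2 = server C, $3 = tcp port, $4 = interface on B facing A
dnat_rules() {
    client="$1"; server="$2"; port="$3"; iface="$4"
    # One DNAT rule only: conntrack keeps the mapping and rewrites replies
    # from C back to "from=B" on its own, so no second rule with "-s C".
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp -s $client --dport $port -j DNAT --to-destination $server:$port"
    # After DNAT the packet is (from=A, to=C) and goes through FORWARD, whose
    # default rule is REJECT. Use -I (insert at top), because -A would append
    # the accepts after that REJECT and they would never match.
    echo "iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -I FORWARD 2 -i $iface -p tcp -s $client -d $server --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    # Needed only if C would not route its replies to A via B: masquerade just
    # this flow rather than every packet leaving B, as the blanket rule did.
    echo "iptables -t nat -A POSTROUTING -p tcp -d $server --dport $port -j MASQUERADE"
}

# 'service network restart' resets the runtime value of ip_forward, so write
# it to a sysctl drop-in ($1, e.g. /etc/sysctl.d/99-forward.conf) and print
# the command that reloads it.
persist_ip_forward() {
    printf 'net.ipv4.ip_forward = 1\n' > "$1" || return 1
    echo "sysctl -p $1"
}

# Usage with constructed values; pipe the output through 'sh' as root to apply.
dnat_rules 192.168.1.215 10.0.0.5 990 eth0
persist_ip_forward "${SYSCTL_DROPIN:-/tmp/99-forward.conf}"
```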