Iptables Rule Help

Discussion in 'Technical' started by ryan9979, Jan 7, 2014.

  1. ryan9979 (New Member)

    Hi all,

    I'm looking for some help with an iptables setup I have at my house. I have a cable connection with 5 static IP addresses and am running Ubuntu 12.04 on a box with 2 NICs. The cable modem is not acting as a firewall or anything. The modem is plugged into eth0 and the local LAN into eth1. I have a source NAT rule that sends all traffic out one address. It is as follows.

    -A POSTROUTING -s -o eth0 -j SNAT --to-source X.X.X.5
    The default rules are set to ALLOW for forward and output in the filter table and DROP for input. (I have tried changing this to ALLOW with no success.)

    I want to be able to see the services I am hosting on the other addresses X.X.X.1 - X.X.X.4 from the fifth address. So far I have just put hosts file entries on my development machine to go to the right place, and I can't keep doing this.

    I would think this is possible since it never needs to leave my system.

    Let me know your thoughts...

  2. sjau (Local Meanie, Moderator)

    On my VPN server I also need to forward ports to given VPN IPs and I use stuff like this:

    # squid: DNAT connections arriving on the public address to the VPN client that runs squid
    iptables -t nat -A PREROUTING -i eth0 -d aa.bb.cc.dd -p tcp --dport 3128 -j DNAT --to 10.8.0.xx
    iptables -t nat -A PREROUTING -i eth0 -d aa.bb.cc.dd -p udp --dport 3128 -j DNAT --to 10.8.0.x
    # let the forwarded (already DNATed) connections through the FORWARD chain
    iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -i eth0 -p tcp --dport 3128 -j ACCEPT
    iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -i eth0 -p udp --dport 3128 -j ACCEPT
    # 10.8.0.x is my vpn network; outbound traffic from it leaves with the public address
    iptables -t nat -A POSTROUTING -o eth0 -s -j SNAT --to aa.bb.cc.dd
    ##### Connect the tun devices (for vpn, you probably don't need that but maybe you need to replace tun with eth0...)
    iptables -A FORWARD -i tun+ -j ACCEPT
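The DNAT rules above publish a service to the outside, but they do not by themselves let a LAN client reach that service by its public address: the DNAT only matches on the WAN interface, and even if it did match, the internal server would answer the LAN client directly, so the client would see a reply from a 192.168.x.x address instead of the public IP it connected to and drop it. The usual fix is hairpin (NAT loopback) rules: repeat the DNAT for connections coming in on the LAN side, and source-NAT those connections to the router's LAN address so the reply travels back through the router. The script below is an added example, not code from either poster. It assumes the services live on LAN hosts behind DNAT (the model sjau uses), with eth0 as WAN, eth1 as LAN, LAN subnet 192.168.1.0/24, router LAN address 192.168.1.1, the RFC 5737 documentation addresses 203.0.113.1-5 standing in for X.X.X.1-5, and two made-up internal servers 192.168.1.10 and 192.168.1.11. By default it only prints the rules; run it with DRY_RUN=0 as root to apply them.

```shell
#!/bin/sh
# Added example (not from the thread): hairpin / NAT-loopback rules so LAN hosts
# can reach services published on the spare public addresses by their public IP.
#
# All addresses and interface names are assumptions standing in for the poster's setup:
#   WAN=eth0, LAN=eth1, LAN subnet 192.168.1.0/24, router LAN address 192.168.1.1,
#   public addresses 203.0.113.1-5 (RFC 5737 range) in place of X.X.X.1-5,
#   internal servers 192.168.1.10 (web) and 192.168.1.11 (ssh).
# Dry-run by default: the rules are printed. DRY_RUN=0 (as root) applies them.

DRY_RUN="${DRY_RUN:-1}"
WAN=eth0
LAN=eth1
LAN_NET=192.168.1.0/24
ROUTER_LAN_IP=192.168.1.1
SNAT_IP=203.0.113.5

# rule ARGS...: print the iptables command in dry-run mode, otherwise execute it.
rule() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# publish PUBLIC_IP INTERNAL_IP PORT: expose one TCP service on a public address
# and make it reachable from the LAN under that same public address.
publish() {
    pub=$1; int=$2; port=$3
    # 1. Outside clients: rewrite the public destination to the internal server.
    rule -t nat -A PREROUTING -i "$WAN" -d "$pub" -p tcp --dport "$port" \
        -j DNAT --to-destination "$int:$port"
    # 2. LAN clients: the same DNAT for connections arriving on the LAN interface.
    rule -t nat -A PREROUTING -i "$LAN" -s "$LAN_NET" -d "$pub" -p tcp --dport "$port" \
        -j DNAT --to-destination "$int:$port"
    # 3. Let the forwarded traffic through (harmless if FORWARD already defaults to ACCEPT).
    rule -A FORWARD -d "$int" -p tcp --dport "$port" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    # 4. The hairpin itself: a LAN client reaching a LAN server via the router is
    #    source-NATed to the router's LAN address, so the server's reply goes back
    #    through the router and is un-NATed to the public IP the client expects.
    #    Without this the server answers the client directly and the client drops it.
    rule -t nat -A POSTROUTING -o "$LAN" -s "$LAN_NET" -d "$int" -p tcp --dport "$port" \
        -j SNAT --to-source "$ROUTER_LAN_IP"
}

# The outbound SNAT from the question: everything else from the LAN leaves via the fifth address.
# Hairpinned connections leave on eth1, so this rule (-o eth0) never touches them.
outbound_snat() {
    rule -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j SNAT --to-source "$SNAT_IP"
}

publish 203.0.113.1 192.168.1.10 80
publish 203.0.113.1 192.168.1.10 443
publish 203.0.113.2 192.168.1.11 22
outbound_snat
```

Rule 2 can be folded into rule 1 by dropping the `-i` match, at the cost of also DNATing the router's own connections to the public address; keeping them separate makes the hairpin path visible in `iptables -t nat -L -v`. `-m conntrack --ctstate` is the current name for the `-m state --state` match used above and behaves the same on Ubuntu 12.04. If a service runs on the router itself rather than on a LAN host, there is no NAT involved at all: the LAN client's packet to the public address hits the INPUT chain, so that case is only a matter of INPUT ACCEPT rules for the service ports.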
