(220.127.116.11) Router (10.0.0.254) - (10.0.0.1) Host 1 - (10.0.0.2) Host 2
I have created 2 hosts with 2 private IPs in a NAT setup. NAT Loopback is done such that internal hosts can access the public IP directly. Moreover, a port-forwarding is done from 18.104.22.168:80 to 10.0.0.1:80.
Whenever Host 2 accesses 22.214.171.124:80, Host 1 will see the incoming packet from 10.0.0.2.
This is working, but is it possible to let it pass through the external interface on the router such that Host 1 will see the incoming packet coming from 126.96.36.199 instead?
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j DNAT --to 10.0.0.1:80
iptables -t nat -A PREROUTING -d 188.8.131.52 -p tcp --dport 80 -j DNAT --to 10.0.0.1:80
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 10.0.0.1 -p tcp --dport 80 -j MASQUERADE
Well, you've got them on the same subnet so they're going to try to hit locally, first. You could set them on different subnets and set the routing tables accordingly.
This might do what you want, but I haven't tested it. The first line pushed all HTTP traffic to 10.0.0.1 like you did above, but not for the router's internal interface. The second rule redirects all .1 requests to go through the router, so it /should/ use that interface, but it'll probably come from the shared interface rather than externally. You'll need to tell the router what to do with the traffic as well.
-j MASQUERADE here, use -j SNAT --to 184.108.40.206 instead.
No 5king Id3a
That's strange, with your MASQUERADE rule it should have seen the connection coming from 10.0.0.254, no?
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.12.77:80
iptables -t nat -A POSTROUTING -p tcp -d 192.168.12.77 --dport 80 -j SNAT --to-source 192.168.12.87
@Letzien Thanks for the input, this results in the incoming packet from 10.0.0.254 due to the second rule.
Thanks @psb777! That works. Are there any side effects of using this? I know that all internal traffic from 10.0.0.2 will show as the external IP now.
@FoxelVox Thanks. Although I didn't try your code, it should work and be similar to the results below.
You shouldn't be using 220.127.116.11, this is part of an Internet-routable subnet.
Hi Clouvider, thanks for commenting! It is just an example IP, I am hiding my external IP here using 18.104.22.168
On a side note, I always think that Clouvider is the provider that I should try one day, but I don't need any powerful dedicated servers in the UK yet
Makes sense :-). I only picked up on it as we see issues with some connectivity Customers who use 22.214.171.124/24 in their networks internally and then complain to us about issues reaching Cloudflare DNS...
Suggestion, there are blocks reserved for the purpose of documentation, https://tools.ietf.org/html/rfc5737 - I’m not picky, just trying to be helpful :-).
Looking forward to it! Whenever you have a need, reach out, I’ll cut you a deal!
That's an interesting RFC, didn't know about it until now
Thanks in advance for the deal! I need to build some projects first before I need them unless it is a great deal for VPS which I can add to my idling collection. Roughly 70% of the VPS that I bought in LET are still idling lol
Psychz LAX also uses 126.96.36.199 for cisco ip
That depends on whether you have other rules, but generally speaking, there shouldn't be any side effects.
iptables -t nat -A POSTROUTING -s 10.0.0.2 -d 10.0.0.1 -j SNAT --to 188.8.131.52
Even with that rule on your router, when the host 10.0.0.2 connects 10.0.0.1 directly, the traffic won't pass through your router at all, and thus won't be NAT'd. Given your current ruleset, it will only take effect when 10.0.0.2 tries to access 184.108.40.206 port 80.
Those are the only important IPTables rules. Thanks for the great and detailed explanation!
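As an added illustration (not code from any poster in this thread), the Python sketch below models the router's nat decisions discussed above and returns the source address Host 1 sees in each case. 203.0.113.10 is an RFC 5737 documentation address assumed as the router's public IP, and the function name and mode strings are hypothetical.

```python
import ipaddress

# Constructed values: 203.0.113.10 (RFC 5737) stands in for the router's public
# IP; the 10.0.0.x addresses follow the diagram at the top of the thread.
PUBLIC_IP, ROUTER_LAN = "203.0.113.10", "10.0.0.254"
HOST1, HOST2 = "10.0.0.1", "10.0.0.2"
LAN = ipaddress.ip_network("10.0.0.0/24")

def on_lan(ip):
    return ipaddress.ip_address(ip) in LAN

def source_seen_by_host1(src, dst, dport, postrouting):
    """Source address Host 1 sees for a TCP connection src -> dst:dport.

    postrouting is "none", "masquerade" or "snat-public": the target of the
    hairpin rule (-s 10.0.0.0/24 -d 10.0.0.1 -p tcp --dport 80).
    Returns None when the packet is not forwarded to Host 1 in this model.
    """
    # Same-subnet destination: the sender delivers directly on the LAN, so the
    # router's nat table is never consulted and nothing is rewritten.
    if on_lan(src) and dst == HOST1:
        return src
    # PREROUTING: DNAT public:80 -> 10.0.0.1:80
    if dst != PUBLIC_IP or dport != 80:
        return None
    dst = HOST1
    # POSTROUTING: only LAN-sourced (hairpin) traffic matches the rule.
    if on_lan(src):
        if postrouting == "masquerade":
            # MASQUERADE takes the address of the outgoing (LAN) interface.
            return ROUTER_LAN
        if postrouting == "snat-public":
            return PUBLIC_IP
    return src

if __name__ == "__main__":
    cases = [
        ("Host 2 -> public:80, MASQUERADE", HOST2, PUBLIC_IP, "masquerade"),
        ("Host 2 -> public:80, SNAT to public", HOST2, PUBLIC_IP, "snat-public"),
        ("Host 2 -> Host 1 directly", HOST2, HOST1, "snat-public"),
        ("Internet client -> public:80", "198.51.100.7", PUBLIC_IP, "snat-public"),
    ]
    for label, src, dst, mode in cases:
        print(f"{label:40} Host 1 sees {source_seen_by_host1(src, dst, 80, mode)}")
```

With SNAT to the public address, every LAN client that uses the public IP appears to Host 1 under the same source, so Host 1's access logs and any source-based allow rules can no longer tell internal clients apart.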