05-17-2013
IPTables can do NAT, but here someone else does it for you, so all addresses are inside addresses or real remote Internet addresses.
NAT/PAT generaly hides inside addresses, not Internet remote addresses.
I suppose you could write or configure a NAT/PAT to forward packets to you with the remote address changed to ones of the NAT host, and when packets return to the NAT host, it knows which host-port become what remote host-port. That ensures the NAT/PAT packets route back to the NAT/PAT host, but seems a waste of time. Usually the NAT/PAT packets have the remote Internet client or server host and port, it is the inside addresses that are protected, and it just does not work if your routing sends response packets to a different firewall. Usually inside addresses are either registered Internet ready, unroutable like 10.*.*.* or stolen/made-up. I suppose if you have stolen, you need to ensure the real ones are serviced and not a threat!
This User Gave Thanks to DGPickett For This Post:
10 More Discussions You Might Find Interesting
1. IP Networking
Greetings to all.
My new firewall is giving me one hell of a problem.
I'm running iptables and masquerading my intranet
thru NAT. But here is the problem. Whenever I try
to FTP to a server outside of my lan I get a 500
illegal port error.
I've come to the conclusion that NAT is... (2 Replies)
Discussion started by: phrater
2 Replies
2. UNIX for Advanced & Expert Users
Hello Guys,
I have a debian machine that work as a firewall (iptables + squid 2.6) with two physical interfaces: eth0 (public interface) and eth1 (internal interface LAN). I have created an alias eth1:1 in order to have two subnets on same physical interface:
cat/etc/network/interfaces
auto... (0 Replies)
Discussion started by: sincity2006
0 Replies
3. IP Networking
Hi Experts;
I want to find the right iptables commands combination to address the following need:
- NEs are NATed thru the linux box (using iptables) towards the WAN cloud, where the NTP servers are situated.
- In order to achieve redundancy, the NTP Servers are in a load balancing cluster... (0 Replies)
Discussion started by: lvl1s7a
0 Replies
4. Debian
Hello, the Nat and the forward worked on my debian server up to the reboot of machines.
The following rules*:
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth2 -d xxx.xxx.xxx.xxx --dport 29070 -j DNAT --to-destination 10.0.1.7:29070
/sbin/iptables -A FORWARD -p tcp -i eth2 -o eth0 -d... (0 Replies)
Discussion started by: titoms
0 Replies
5. IP Networking
Good morning,
I'm a newbie of iptables and as far as I've seen on tutorials on the Internet it seems that both prerouting and postrouting NAT chains are undergone both by a packet that goes from an internal LAN to the Internet and of a one that goes in the opposite direction (from the Internet to... (0 Replies)
Discussion started by: giac85
0 Replies
6. Red Hat
Hello, please can you help and explain me.
I have two servers. Both are RHEL6.
I use the first one like router and the second one for apache.
Router forwards 80 port on the second server and I can open that from the internet (mysite.com, for example). But I can not open mysite.com if i try to... (0 Replies)
Discussion started by: 6765656755
0 Replies
7. IP Networking
Hi all,
I have a following situation:
- I want certain source IPs to be natted to a different destination IP and Port. Following is how I am achieving it:
/usr/local/sbin/iptables -t nat -A PREROUTING -p tcp -s 192.168.10.12
--dport 1500 -j DNAT --to-destination 192.168.10.20:2000
... (3 Replies)
Discussion started by: ahmerin
3 Replies
8. IP Networking
Hello,
Recently I discovered an issue with packet routing in the latest Android releases (4.4+ KitKat & Lollipop).
It seems that the problem Android specific, but essentially it comes from the Linux kernel.
I already filed a bug report to Google. You can see the details by searching for... (0 Replies)
Discussion started by: Vladislav
0 Replies
9. IP Networking
Hi guys
I'm running on debian on a small embedded system. I have a ppp interface that is connected to the internet (and works). My unit also has wifi access point (which works and I can connect to it).
I want to allow connections to the wifi to be able to use the internet from ppp0... (1 Reply)
Discussion started by: alirezan1
1 Replies
10. Cybersecurity
good day good people
hi
first to tell that firewall and vpn is working as expected, but I notice something strange.
I have host system 11.11.11.11(local ip) firewall is blocking everything except port to vpn.
I have vpn on virtualized system 22.22.22.22 (CentOS both host and virtual). ... (0 Replies)
Discussion started by: end
0 Replies