iptabels and DNAT problem

To: debian-user@lists.debian.org
Subject: iptabels and DNAT problem
From: Rudy Gevaert <rudy@zeus.UGent.be>
Date: Wed, 24 Sep 2003 14:22:34 +0200
Message-id: <[🔎] 20030924122234.GA30350@zeus.UGent.be>
Mail-followup-to: Rudy Gevaert <rudy@zeus.UGent.be>, debian-user@lists.debian.org

Hello,

I'm having problems with iptables in a particular setup.

I have defined following interfaces:

eth0      Link encap:Ethernet  HWaddr 00:40:F4:74:52:7F  
          inet addr:157.x.x.100  Bcast:157.x.x.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35403126 errors:50773 dropped:3204 overruns:43088 frame:0
          TX packets:11556310 errors:0 dropped:0 overruns:2 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:1389250309 (1.2 GiB)  TX bytes:3291432340 (3.0 GiB)
          Interrupt:10 Base address:0xa000 

eth0:1    Link encap:Ethernet  HWaddr 00:40:F4:74:52:7F  
          inet addr:157.x.x.9  Bcast:157.x.x.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0xa000 

eth0:2    Link encap:Ethernet  HWaddr 00:40:F4:74:52:7F  
          inet addr:157.x.x.24  Bcast:157.x.x.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0xa000 

eth1      Link encap:Ethernet  HWaddr 00:50:BA:C6:5D:14  
          inet addr:10.0.0.254  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11618570 errors:0 dropped:16714 overruns:0 frame:0
          TX packets:33498523 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:3306224212 (3.0 GiB)  TX bytes:1148042990 (1.0 GiB)
          Interrupt:9 Base address:0x6100 

eth1 goes to a switch that has the 10.0.0.0/24 subnet behind it.

The default policy of all tables is accept (for now)
I want to forward all trafic on port 80 on eth0:1 to 10.0.0.75:80
I want to forward all trafic on port 25 on eth0:2 to 10.0.0.76:25
I want to forward all trafic on port 22 on eth0:2 to 10.0.0.76:22

I have run the following rules:

iptables -t nat -A PREROUTING -p tcp -d 157.x.x.9 --dport 80 -j DNAT --to-destination 10.0.0.75:80
iptables -t nat -A POSTROUTING -s 10.0.0.75 -p tcp --source-port 80 -o eth0 -j SNAT --to-source 157.x.x.9

iptables -t nat -A PREROUTING -p tcp -d 157.x.x.24 --dport 25 -j DNAT --to-destination 10.0.0.76:25
iptables -t nat -A POSTROUTING -s 10.0.0.76 -p tcp --source-port 25 -o eth0 -j SNAT --to-source 157.x.x.24

iptables -t nat -A PREROUTING -p tcp -d 157.x.x.24 --dport 22 -j DNAT --to-destination 10.0.0.76:22
iptables -t nat -A POSTROUTING -s 10.0.0.76 -p tcp --source-port 22 -o eth0 -j SNAT --to-source 157.x.x.24

And this works for people outside our local network.  But when inside
the local lan it does not work.  People can not connect to .9 en .24
from inside the lan.

I think something is missig but what?

Thanks in advance

-- 
Rudy Gevaert                rudy@zeus.UGent.be
Web page                    http://www.webworm.org
GNU/Linux user and Savannah hacker http://savannah.gnu.org
If you haven't got anything nice to say about anybody, come 
sit next to me.  - Alice Roosevelt Longworth (1884-1980)

Reply to:

Follow-Ups:
- Re: iptabels and DNAT problem
  - From: Rudy Gevaert <rudy@zeus.UGent.be>

Prev by Date: Can't install both gtk and qt dev files?
Next by Date: Re: spam software
Previous by thread: Can't install both gtk and qt dev files?
Next by thread: Re: iptabels and DNAT problem
Index(es):
- Date
- Thread