How to use netfilter to do static IP mapping?
Jason Opperisano
opie at 817west.com
Fri Sep 24 08:57:37 CEST 2004
On Thu, 2004-09-23 at 23:24, Patrick Dung wrote:
> Dear All
>
> This is what I want:
>
> eth0 as internet (1.1.1.1)
> eth1 as dmz (10.1.1.1)
>
> dmz has a web (10.1.1.2) and dns (10.1.1.3) server
> with private IP.
> The netfilter fw will do the static IP (public to
> private) IP mapping.
> Available public IP (example):
> 1.1.1.1 (eth0), 1.1.1.2 (for web), 1.1.1.3 (for dns)
>
> Now I have these rules:
>
> iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.2 -p tcp --dport 80 -j DNAT --to 10.1.1.2:80
> iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.3 -p udp --dport 53 -j DNAT --to 10.1.1.3:53
>
> The problem is that there is no response from 1.1.1.2
> and 1.1.1.3.
> Do I need other special setting (proxy arp?)
yup. on netfilter machine:
ip address add 1.1.1.2 dev eth0
ip address add 1.1.1.3 dev eth0
remember to use 10.1.1.[23] in your filter rules and not 1.1.1.[23].
-j
--
Jason Opperisano <opie at 817west.com>
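
The advice in the reply above, put together as an added example that is not part of the original thread: a dry-run generator that prints the address, DNAT and filter commands for each mapping, with the filter rule matching the private (post-DNAT) address. The interface names and addresses are the ones from the question; the FORWARD policy of DROP, the conntrack rules and the names `MAPPINGS` and `gen_static_nat` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints commands only;
# review the output, then pipe it to `sh` as root to apply.

WAN_IF=eth0   # internet side, as in the question
DMZ_IF=eth1   # DMZ side, as in the question

# One mapping per line: public_ip private_ip proto port
MAPPINGS='1.1.1.2 10.1.1.2 tcp 80
1.1.1.3 10.1.1.3 udp 53'

gen_static_nat() {
    # Let replies of accepted connections through (assumes FORWARD policy DROP).
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$MAPPINGS" | while read -r pub priv proto port; do
        [ -n "$pub" ] || continue
        # 1. The firewall must own the public address so it answers ARP for it.
        echo "ip address add $pub/32 dev $WAN_IF"
        # 2. nat/PREROUTING rewrites the destination before the routing decision.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -p $proto --dport $port -j DNAT --to-destination $priv:$port"
        # 3. filter/FORWARD is traversed after DNAT, so it sees the private address.
        echo "iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -d $priv -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

gen_static_nat
```

A FORWARD rule written with `-d 1.1.1.2` would never match, because by the time the packet reaches the filter table its destination is already 10.1.1.2.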