From: "Carlo Florendo" <carlo@hq.astra.ph>
To: netfilter@lists.netfilter.org
Subject: DNAT from an IP address that does not exist to another that exists
Date: Wed, 30 Jul 2003 11:13:35 +0800
Message-ID: <01b401c35648$908ba210$200aa8c0@thorin>
Hello iptables gurus,
How do I set up iptables such that connections to a certain non-existent IP address are DNATed to another IP address within the network?
Here's an explanation of the problem. Sorry for the verbosity. It's my first time to post in this list. :-)
I have several machines on my network and one gateway machine.
I've set up the gateway to do IP masquerading and everything's fine (i.e. any machine from the local network can access the internet flawlessly).
The gateway runs services such as ssh and http. Other machines on the local network run their respective services as well.
I want to achieve a setup such that connections to a certain non-existent IP address are DNATed to another IP address within the network.
The gateway address is 192.168.30.1
The non-existent address which I want to DNAT to another machine within the network is 192.168.40.40
The existing IP address to which I want 192.168.40.40 to be forwarded is 192.168.30.11
Here are 2 cases:
case 1). The non-existent IP address is DNATed to the gateway (i.e. the accepting machine itself).
When I do this, everything works fine (i.e. I get to access 192.168.40.40 as if it really existed, although what I'm really accessing is the gateway machine 192.168.30.1).
Here is how the configuration worked:
iptables -t nat -D PREROUTING -d 192.168.40.40 -j DNAT --to 192.168.30.1
case 2). The non-existent IP address is DNATed to another machine within the network (not the gateway).
Here's what I think is the solution but it does not work.
iptables -t nat -D PREROUTING -d 192.168.40.40 -j DNAT --to 192.168.30.11
I wanted to force our users to access 192.168.40.40 since it is *NOT* in the same network. Thus, all connections to it pass through the gateway.
The solution does not work. Are there any pointers on how to make this possible?
A link to the network diagram is here: http://210.23.193.154/zxff/qsz.html
Thanks a lot!
Best Regards,
Carlo
------
Carlo Florendo
Astra Philippines Inc.
URL: http://www.hq.astra.ph/resources