Thursday, May 20

Linux iptables NAT, Port forwarding, Masquerade, Port Redirection Configuration


If you have two network cards, eth0 and eth1,
let us assume
eth0 is connected to the local network
eth1 is connected to the public network (or ppp0)

Masquerading

1) To enable NAT for all local network users on eth0

If you are running the iptables service, use the following method

#echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

To save these changes
#iptables-save > /etc/sysconfig/iptables
or
#service iptables save
#service iptables restart

This will enable masquerading. Now you can configure eth0 as the gateway for the local network.

If you are not running the iptables service,
edit /etc/rc.local and add the lines below

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE


Then execute the /etc/rc.local file

2) To enable NAT on eth0 only for specified local user IPs

#echo 1 > /proc/sys/net/ipv4/ip_forward
#iptables -t nat -A POSTROUTING -s x.x.x.x(ip of local user system1) -o eth1 -j MASQUERADE
#iptables -t nat -A POSTROUTING -s x.x.x.x(ip of local user system2) -o eth1 -j MASQUERADE
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 

Port Redirection

1) To redirect external port 80 traffic to port 3128

#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

2) To redirect external RDP port traffic to the RDP port of any local system.

#iptables -t nat -A PREROUTING -p tcp -d x.x.x.x(eth1 ip) --dport 3389 -j DNAT --to x.x.x.x(ip of any local network system):3389
or
#iptables -t nat -A PREROUTING -p tcp -d x.x.x.x(eth1 ip) --dport 3382 -j DNAT --to x.x.x.x(ip of any local network system):3389


Based on your requirements, you can change the port and IP.

Note that a DNAT rule only rewrites the destination address; if your FORWARD chain policy is DROP, the forwarded packets also need a matching ACCEPT rule in the FORWARD chain.
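The RDP forward above, worked through as a small script that emits the DNAT rule together with the FORWARD-chain rules that admit only that one port to that one host. This is an added example, not part of the original post; eth1, 203.0.113.10 and 192.168.1.20 are placeholder values you replace with your own.

```shell
#!/bin/sh
# Added example: print the iptables commands for one TCP port forward.
# Nothing is applied; the output is meant to be reviewed, then run as root.
# Usage: forward_rules WAN_IF WAN_IP EXT_PORT LAN_IP LAN_PORT

valid_port() {
    # Reject anything that is not an integer in 1-65535
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

forward_rules() {
    wan_if=$1
    wan_ip=$2
    ext_port=$3
    lan_ip=$4
    lan_port=$5
    valid_port "$ext_port" && valid_port "$lan_port" || return 1

    # nat table: rewrite the destination of new inbound connections (one -t nat is enough)
    echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp -d $wan_ip --dport $ext_port -j DNAT --to-destination $lan_ip:$lan_port"
    # filter table: let only the forwarded connection through, only to that host and port
    echo "iptables -A FORWARD -i $wan_if -p tcp -d $lan_ip --dport $lan_port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    # filter table: reply packets back out towards the public side
    echo "iptables -A FORWARD -o $wan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# When run directly with five arguments, print the rules for those values
# (placeholders: eth1 203.0.113.10 3389 192.168.1.20 3389)
if [ $# -eq 5 ]; then
    forward_rules "$@"
fi
```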