Solved

IPTables IP forwarding with virtual interface on linux

Posted on 2011-09-17
Last Modified: 2012-05-12
Experts,

I use APF firewall and am able to add my forwarding rules to /etc/apf/preroute.rules and /etc/postroute.rules

My rules are set as follows:

preroute:

$IPT -t nat -A PREROUTING -p tcp --dport 666 -i eth0:0 -j DNAT --to-destination x.x.x.x:port

postroute:

$IPT -t nat -A POSTROUTING -j MASQUERADE

If I change -i eth0:0 to -i eth0 this works. If I keep this as eth0:0, it fails. I want it to work for the virtual interface eth0:0 - is this because I need to add routing tables for the virtual interfaces? Or a more complex iptables expression?

Thanks for any help!

Question by:dr34m3rs

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36555379
Because of how netfilter works, it can only act on physical interfaces.

Do this instead:
$IPT -t nat -A PREROUTING -p tcp --dport 666 -i eth0 -d ip.of.eth0:0 -j DNAT --to-destination x.x.x.x:port


The '-i eth0' in that statement is now somewhat redundant, but it's safest to include it anyways.
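
The rewrite from the accepted answer, as an added example that is not part of the original thread: a shell helper that finds an alias label in -i and replaces it with the parent interface plus a -d match on the alias address. The function names, SAMPLE_ADDRS and the 192.0.2.x addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample in the style of `ip -o -4 addr show` output. Addresses are
# RFC 5737 documentation values, not taken from the original post.
SAMPLE_ADDRS='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.11/24 brd 192.0.2.255 scope global secondary eth0:0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.12/24 brd 192.0.2.255 scope global secondary eth0:1\       valid_lft forever preferred_lft forever'

# alias_addr LABEL (hypothetical helper): read address lines on stdin and print
# the IPv4 address carrying that label (e.g. eth0:0). Exit 1 if none matches.
alias_addr() {
    awk -v want="$1" '
        {
            addr = ""; hit = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "inet") { addr = $(i + 1); sub(/\/.*/, "", addr) }
                f = $i; sub(/\\$/, "", f)   # strip the trailing backslash
                if (f == want) hit = 1
            }
            if (hit && addr != "") { print addr; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# fix_rule RULE (hypothetical helper): rewrite "-i ethX:N" into
# "-i ethX -d <address of ethX:N>". Rules without an alias pass through.
fix_rule() {
    rule=$1
    label=$(printf '%s\n' "$rule" |
        sed -n 's/.*-i \([A-Za-z][A-Za-z0-9]*:[0-9][0-9]*\).*/\1/p')
    [ -z "$label" ] && { printf '%s\n' "$rule"; return 0; }
    addr=$(printf '%s\n' "$SAMPLE_ADDRS" | alias_addr "$label") || {
        echo "no address labelled $label" >&2; return 1; }
    printf '%s\n' "$rule" | sed "s/-i $label/-i ${label%%:*} -d $addr/"
}

# Demo on the rule from the question (single quotes keep $IPT literal).
fix_rule '$IPT -t nat -A PREROUTING -p tcp --dport 666 -i eth0:0 -j DNAT --to-destination x.x.x.x:port'
```

On a live host, feed alias_addr from `ip -o -4 addr show` instead of the embedded sample.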
Author Comment

by:dr34m3rs
ID: 36555399
You absolutely ROCK! Thank you so much!
Author Closing Comment

by:dr34m3rs
ID: 36555400
Perfect!


Question has a verified solution.
