Solved

IPTables IP forwarding with virtual interface on linux

Posted on 2011-09-17
Last Modified: 2012-05-12
Experts,

I use APF firewall and am able to add my forwarding rules to /etc/apf/preroute.rules and /etc/postroute.rules

My rules are set as follows:

preroute:

$IPT -t nat -A PREROUTING -p tcp --dport 666 -i eth0:0 -j DNAT --to-destination x.x.x.x:port

postroute:

$IPT -t nat -A POSTROUTING -j MASQUERADE

If I change -i eth0:0 to -i eth0 this works. If I keep this as eth0:0, it fails. I want it to work for the virtual interface eth0:0 - is this because I need to add routing tables for the virtual interfaces? Or a more complex iptables expression?

Thanks for any help!

Question by:dr34m3rs
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36555379
Because of how netfilter works, it can only act on physical interfaces.

Do this instead:
$IPT -t nat -A PREROUTING -p tcp --dport 666 -i eth0 -d ip.of.eth0:0 -j DNAT --to-destination x.x.x.x:port


The '-i eth0' in that statement is now somewhat redundant, but it's safest to include it anyways.
0
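
Applying the accepted answer means finding the address that carries the eth0:0 label and matching on it with -d while keeping -i on the parent device. The following is an added example, not part of the original thread: the function names alias_match and dnat_rule are hypothetical, and the sample `ip -o -4 addr show` output and all addresses are constructed (documentation ranges).

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show` output; addresses are placeholders.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.11/24 brd 192.0.2.255 scope global secondary eth0:0\       valid_lft forever preferred_lft forever'

# alias_match LABEL
# Reads `ip -o -4 addr show` output on stdin and prints the iptables match
# "-i <device> -d <address>" for the address that carries LABEL.
# Returns non-zero if no address has that label.
alias_match() {
    awk -v label="$1" '
        {
            sub(/\\.*/, "")            # drop the lifetime part after the backslash
            if ($NF == label) {        # the label is the last remaining field
                split($4, a, "/")      # $4 is address/prefix
                print "-i " $2 " -d " a[1]   # $2 is the real device name
                found = 1
                exit
            }
        }
        END { exit !found }
    '
}

# dnat_rule LABEL DPORT TARGET
# Prints a PREROUTING line in the form given in the accepted answer, with a
# literal $IPT so it can be pasted into an APF rules file.
dnat_rule() {
    match=$(alias_match "$1") || {
        echo "no IPv4 address with label $1" >&2
        return 1
    }
    printf '%s\n' "\$IPT -t nat -A PREROUTING -p tcp --dport $2 $match -j DNAT --to-destination $3"
}

# Demonstration on the constructed sample; on a live host feed it real output:
#   ip -o -4 addr show | dnat_rule eth0:0 666 x.x.x.x:port
printf '%s\n' "$SAMPLE_ADDRS" | dnat_rule eth0:0 666 198.51.100.20:8080
```

Generating the rule from the current address list avoids a stale -d value if the alias address is later changed; the function fails rather than emitting a rule when the label is not present.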
 
LVL 1

Author Comment

by:dr34m3rs
ID: 36555399
You absolutely ROCK! Thank you so much!
0
 
LVL 1

Author Closing Comment

by:dr34m3rs
ID: 36555400
Perfect!
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Vyos VLANs 14 60
asset tags - importance 3 57
can't ssh to external IP 9 63
How to secure access to a folder on windows server 2008 R2 6 65
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question