?
Solved

IPTables IP forwarding with virtual interface on linux

Posted on 2011-09-17
3
Medium Priority
?
929 Views
Last Modified: 2012-05-12
Experts,

I use APF firewall and am able to add my forwarding rules to /etc/apf/preroute.rules and /etc/postroute.rules

My rules are set as follows:

preroute:

$IPT -t nat -A PREROUTING -p tcp --dport 666 -i eth0:0 -j DNAT --to-destination x.x.x.x:port

postroute:

$IPT -t nat -A POSTROUTING -j MASQUERADE

If I change -i eth0:0 to -i eth0 this works. If I keep this as eth0:0, it fails. I want it to work for the virtual interface eth0:0 - is this because I need to add routing tables for the virtual interfaces? Or a more complex iptables expression?

Thanks for any help!

0
Comment
Question by:dr34m3rs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 21

Accepted Solution

by:
Papertrip earned 2000 total points
ID: 36555379
Because of how netfilter works, it can only act on physical interfaces.

Do this instead:
$IPT -t nat -A PREROUTING -p tcp --dport 666 -i eth0 -d ip.of.eth0:0 -j DNAT --to-destination x.x.x.x:port

Open in new window


The '-i eth0' in that statement is now somewhat redundant, but it's safest to include it anyways.
0
 
LVL 1

Author Comment

by:dr34m3rs
ID: 36555399
You absolutely ROCK! Thank you so much!
0
 
LVL 1

Author Closing Comment

by:dr34m3rs
ID: 36555400
Perfect!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Fine Tune your automatic Updates for Ubuntu / Debian
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question