Solved

IPTables IP forwarding with virtual interface on linux

Posted on 2011-09-17
3
884 Views
Last Modified: 2012-05-12
Experts,

I use APF firewall and am able to add my forwarding rules to /etc/apf/preroute.rules and /etc/postroute.rules

My rules are set as follows:

preroute:

$IPT -t nat -A PREROUTING -p tcp --dport 666 -i eth0:0 -j DNAT --to-destination x.x.x.x:port

postroute:

$IPT -t nat -A POSTROUTING -j MASQUERADE

If I change -i eth0:0 to -i eth0 this works. If I keep this as eth0:0, it fails. I want it to work for the virtual interface eth0:0 - is this because I need to add routing tables for the virtual interfaces? Or a more complex iptables expression?

Thanks for any help!

0
Comment
Question by:dr34m3rs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36555379
Because of how netfilter works, it can only act on physical interfaces.

Do this instead:
$IPT -t nat -A PREROUTING -p tcp --dport 666 -i eth0 -d ip.of.eth0:0 -j DNAT --to-destination x.x.x.x:port

Open in new window


The '-i eth0' in that statement is now somewhat redundant, but it's safest to include it anyways.
0
 
LVL 1

Author Comment

by:dr34m3rs
ID: 36555399
You absolutely ROCK! Thank you so much!
0
 
LVL 1

Author Closing Comment

by:dr34m3rs
ID: 36555400
Perfect!
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Fine Tune your automatic Updates for Ubuntu / Debian
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question