Solved

IPTables IP forwarding with virtual interface on linux

Posted on 2011-09-17
3
815 Views
Last Modified: 2012-05-12
Experts,

I use APF firewall and am able to add my forwarding rules to /etc/apf/preroute.rules and /etc/postroute.rules

My rules are set as follows:

preroute:

$IPT -t nat -A PREROUTING -p tcp --dport 666 -i eth0:0 -j DNAT --to-destination x.x.x.x:port

postroute:

$IPT -t nat -A POSTROUTING -j MASQUERADE

If I change -i eth0:0 to -i eth0 this works. If I keep this as eth0:0, it fails. I want it to work for the virtual interface eth0:0 - is this because I need to add routing tables for the virtual interfaces? Or a more complex iptables expression?

Thanks for any help!

0
Comment
Question by:dr34m3rs
  • 2
3 Comments
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36555379
Because of how netfilter works, it can only act on physical interfaces.

Do this instead:
$IPT -t nat -A PREROUTING -p tcp --dport 666 -i eth0 -d ip.of.eth0:0 -j DNAT --to-destination x.x.x.x:port

Open in new window


The '-i eth0' in that statement is now somewhat redundant, but it's safest to include it anyways.
0
 
LVL 1

Author Comment

by:dr34m3rs
ID: 36555399
You absolutely ROCK! Thank you so much!
0
 
LVL 1

Author Closing Comment

by:dr34m3rs
ID: 36555400
Perfect!
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now