bradber asked:

using DNAT and IPtables not working for second of two public interfaces

Greetings,
I am an ubuntu noob and would appreciate help with DNAT on Ubuntu 12.04, which I am using for a firewall/router.  I have two public interfaces and one private interface. I want to DNAT traffic from public interface eth0 to 10.1.1.5 on the private LAN, and I want to DNAT traffic from public interface eth2 to 10.1.1.6 on the private LAN.

I am using IPTABLES, and this is my configuration:


/sbin/iptables -t nat -A PREROUTING -p tcp -d X.X.X.X --dport 80 -j DNAT --to 10.1.1.5:80
/sbin/iptables -t nat -A PREROUTING -p tcp -d y.y.y.y --dport 80 -j DNAT --to 10.1.1.6:80


where:
x.x.x.x = eth0
y.y.y.y = eth2

DNAT works for eth0 but not for eth2, although I can ping y.y.y.y from the public side.

Can anyone please help me determine why DNAT is not working for eth2? Does DNAT only work on the primary interface?

Thanks in advance!
arnold:

Are you trying to divert web requests to go through an internal proxy?
Are you trying to setup port forwarding from external access to an internal system?

Do you have a similar rule on the INPUT interface?

You might want to include the -i eth2/eth0
Could you look at iptables -t NAT -L PREROUTING --line-numbers to see whether you have a rule that matches before the one you referenced.
Does your eth0 versus eth2 interface differ in the iptables rules?
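An added example (not part of arnold's reply or of the thread's accepted solution) showing the per-interface matching suggested above: each DNAT rule is bound to its own public interface with -i, the FORWARD rules that a DNATed packet actually traverses are added alongside (an assumption, since the question does not show the filter table), and the chain is listed with packet counters so a rule that never matches shows up. The public addresses are constructed placeholders standing in for x.x.x.x and y.y.y.y.

```shell
#!/bin/sh
# Added example for the DNAT question above; not the thread's own configuration.

# Print the iptables commands that forward TCP port $4 arriving on public
# interface $1 (address $2) to private host $3. Matching on both -i and -d
# ties each rule to one public interface, so a packet entering on eth2 can
# never be handled by the eth0 rule and vice versa.
build_dnat_rules() {
    iface=$1; pub=$2; priv=$3; port=$4
    # nat/PREROUTING: rewrite the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp -d $pub --dport $port -j DNAT --to-destination $priv:$port"
    # filter/FORWARD (assumed, not shown in the question): a DNATed packet is
    # forwarded, not delivered locally, so INPUT never sees it. Allow only this
    # flow through the router, in both directions, tracked by conntrack.
    echo "iptables -A FORWARD -i $iface -p tcp -d $priv --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -o $iface -p tcp -s $priv --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Count how many generated rules are bound to the given interface (-i or -o).
rules_bound_to() {
    build_dnat_rules "$@" | grep -c -e "-i $1 " -e "-o $1 "
}

# Constructed placeholder addresses (RFC 5737 ranges) for the two public NICs.
ETH0_PUB=203.0.113.10   # stands in for x.x.x.x on eth0
ETH2_PUB=198.51.100.10  # stands in for y.y.y.y on eth2

if [ "${APPLY_RULES:-0}" = 1 ]; then
    # Apply for real (needs root and iptables), then list nat/PREROUTING with
    # line numbers and counters: a rule whose pkts column stays at 0 while
    # traffic is sent to its address is the one that is not matching.
    build_dnat_rules eth0 "$ETH0_PUB" 10.1.1.5 80 | sh -e
    build_dnat_rules eth2 "$ETH2_PUB" 10.1.1.6 80 | sh -e
    iptables -t nat -L PREROUTING -n -v --line-numbers
else
    # Dry run: only print the commands that would be applied.
    build_dnat_rules eth0 "$ETH0_PUB" 10.1.1.5 80
    build_dnat_rules eth2 "$ETH2_PUB" 10.1.1.6 80
fi
```

Run with APPLY_RULES=1 as root to install the rules; without it the script only prints them, which is useful for comparing against the output of iptables -t nat -L PREROUTING --line-numbers.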
bradber (asker):

Arnold,

I am trying to set up port forwarding from external access to an internal system. I have two public-facing interfaces on the Ubuntu firewall. I have two servers on a switch connected to the private side of the Ubuntu firewall. I would like to forward traffic from public-facing eth0 to the server with private IP address 10.1.1.5 and I would like to forward traffic from public-facing eth2 to the server with private address 10.1.1.6.

My rules for eth0 and eth2 are matched, only the ip addresses and interface numbers differ.
I do not have any rules with -t NAT -L PREROUTING; I only have rule with -t NAT -A PREROUTING

Should I be using the -L option instead?
arnold (accepted solution; its text is available only to Experts Exchange members):

bradber (asker):

Thanks Arnold, I am going to try using the -i eth2 instead of -d yy.yy.yyy.yyy and I expect that will fix it. If not, I will use tcpdump to troubleshoot. I have to set this aside for several days so I can't verify that it works yet but am going to go ahead and award the points.

Thanks for the help!