[NTLUG:Discuss] Iptables NAT not working and no logs
Neil Aggarwal
neil at JAMMConsulting.com
Sun Oct 4 20:26:37 CDT 2009
Hello all:
I am having trouble getting NAT with iptables to work.
I have this configuration:
Internet --- Linux machine --- Windows machine
The Windows machine is on a private IP.
I am able to go to the Linux machine and load the
web site from the Windows machine using lynx with
the private IP. That means there should not be a
problem going from the Linux machine to the Windows
machine.
I have tied a public IP address a.b.c.d to the
Linux machine and entered these rules in its
firewall:
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/ifconfig eth0:1 $WIN_EXTERNAL_IP netmask $ETH0_NETMASK broadcast $ETH0_BCAST
/sbin/iptables -t nat -A PREROUTING -d $WIN_EXTERNAL_IP -j DNAT --to $WIN_INTERNAL_IP
/sbin/iptables -t nat -A POSTROUTING -s $WIN_INTERNAL_IP -j SNAT --to $WIN_EXTERNAL_IP
I have these log entries at the bottom of the firewall rules:
/sbin/iptables -A INPUT -j LOG --log-prefix "INPUT "
/sbin/iptables -A OUTPUT -j LOG --log-prefix "OUTPUT "
/sbin/iptables -A FORWARD -j LOG --log-prefix "FORWARD "
INPUT, OUTPUT, and FORWARD are set to default DROP.
The nat tables are all set to default ACCEPT.
When I try to go to the external IP address http://a.b.c.d from
another network, it does not connect and I do not see anything
in the firewall logs.
Any ideas?
Thanks,
Neil
--
Neil Aggarwal, (281)846-8957, www.JAMMConsulting.com
Will your e-commerce site go offline if you have
a DB server failure, fiber cut, flood, fire, or other disaster?
If so, ask about our geographically redundant database system.