Dermot Beirne wrote:
>Hi,
>I'm trying to do something with iptables that I thought would be simple.
>
>The situation is this:
>>Customer connects to our router from, say 1.2.3.0 network, to get an ftp
>connection to one of our servers.
>Our server has a 10.10.10.1 address, but the customer will only route to
>registered addresses.
>Therefore, I want to NAT the registered address into the 10 address, and
>allow communication on the ftp session run back and forth.
>
>Can I not just put a linux box on the network with one network card
>configured with the registered IP address they are trying to connect to.
>Then, put a route on our router directing traffic to the registered direct
>to my linux box. I figured this could then simply NAT the destination to
>the 10 series address and send it back to the router to be sent onwards to
>the ftp server. I don't even want it to know if it's ftp traffic, just a
>blind dumb NAT from one address to the other, and then back again, so that
>the customer thinks they are talking to our FTP server at its registered
>address.
>
>I've been trying to get an IPtable rule to do this, and it just isn't
>working. I know I may need two network cards, or whatever, but if someone
>can direct me, I might realise where I'm going wrong.
>
>Dermot.
>

I'm not too sure what your situation is - could you maybe draw a little
text diagram to make it clear? From the sounds of things you either need
to bind a second ip address to your network card or you need to look at
the PREROUTING chain and the DNAT target. It could be just me not
following your question - if you don't get an answer try posting a
diagram. You'll also want the ip_nat_ftp module if you go the iptables
route.

Good luck
John
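
The PREROUTING/DNAT approach suggested in the reply above, written out as an added example that is not part of the original thread. It assumes the single-NIC layout from the question; `gen_nat_rules` and `is_ipv4` are hypothetical helper names, and 192.0.2.10 is a constructed stand-in for the registered address.

```shell
#!/bin/sh
# Added example. 10.10.10.1 is the server address from the post;
# 192.0.2.10 is a constructed stand-in for the registered address.

# Succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print an iptables-restore ruleset for the one-armed NAT box.
gen_nat_rules() {
    public_ip=$1   # registered address the customer connects to
    server_ip=$2   # real address of the FTP server
    if ! is_ipv4 "$public_ip" || ! is_ipv4 "$server_ip"; then
        echo "usage: gen_nat_rules PUBLIC_IP SERVER_IP" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the destination before the routing decision is made.
-A PREROUTING -d $public_ip -j DNAT --to-destination $server_ip
# With one NIC the server would otherwise reply via the router directly,
# bypassing this box, and the customer would see 10.x as the source.
# Rewriting the source forces replies back here. Side effect: the server
# logs this box's address, not the customer's.
-A POSTROUTING -d $server_ip -j SNAT --to-source $public_ip
COMMIT
EOF
}

# Apply as root on the NAT box:
#   sysctl -w net.ipv4.ip_forward=1
#   modprobe ip_nat_ftp   # rewrites addresses inside FTP PORT/PASV;
#                         # named nf_nat_ftp on current kernels
#   sh nat.sh 192.0.2.10 10.10.10.1 | iptables-restore --noflush
if [ $# -eq 2 ]; then
    gen_nat_rules "$1" "$2"
fi
```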