Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
02-10-2011, 07:25 AM
#1
LQ Newbie
Registered: Feb 2011
Posts: 3
static ( one to one ) natting issue in Iptables for RHEL5
Hi everybody,
I have joined this forum because I have been badly struggling with a Linux natting problem for more than 2 months, and I need all of your help to resolve it. We are using iptables with RHEL5 and need to do static NAT for a public IP with a private IP.
Here is the detailed configuration:
Step 1: IP packet forwarding is enabled in the /etc/sysctl.conf file.
Step 2:
Code:
iptables -t nat -I PREROUTING -d (Public IP) -j DNAT --to-destination (Private IP)
iptables -t nat -I POSTROUTING -s (Private IP) -j SNAT --to-source (Public IP)
iptables -I FORWARD -d (Private IP) -j ACCEPT
Please let me know what exactly is missing. I am looking forward to a really good solution from this forum.
02-10-2011, 03:44 PM
#2
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
You're missing a FORWARD rule for the packets going in the other direction (private IP as source). In addition (although not the cause of the issue), I recommend you make a habit of specifying the inbound/outbound interfaces whenever possible.
BTW, I'll probably move this to Networking soon, as it isn't a security issue.
Last edited by win32sux; 02-10-2011 at 03:47 PM .
02-16-2011, 11:30 PM
#3
LQ Newbie
Registered: Feb 2011
Posts: 3
Original Poster
Hi,
I added the following forward chain:
Code:
iptables -I FORWARD -s (Private IP) -j ACCEPT
But it is still not working... Kindly help.
02-17-2011, 01:52 PM
#4
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
Please post the output of these commands:
Code:
iptables -nvL --line-numbers
Code:
iptables -t nat -nvL --line-numbers
Code:
cat /proc/sys/net/ipv4/ip_forward
Last edited by win32sux; 02-17-2011 at 01:53 PM .
02-22-2011, 03:46 AM
#5
LQ Newbie
Registered: Feb 2011
Posts: 3
Original Poster
Please find the output of the commands as requested:
Command 1 : iptables -nvL --line-numbers
Code:
Chain INPUT (policy ACCEPT 3164K packets, 420M bytes)
num pkts bytes target prot opt in out source destination
1 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID LOG flags 0 level 4 prefix `FIREWALL:INVALID'
2 1437 117K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
3 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
4 0 0 DROP tcp -- * * !172.20.48.0/24 0.0.0.0/0 tcp dpt:111
Chain FORWARD (policy ACCEPT 93 packets, 8480 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- * * 172.20.48.12 172.17.68.52 multiport dports 10050,10051
2 0 0 ACCEPT tcp -- * * 172.17.68.52 172.20.48.12 multiport dports 10050,10051
3 0 0 ACCEPT tcp -- * * 172.20.48.10 172.17.68.52 multiport dports 10050,10051
4 0 0 ACCEPT tcp -- * * 172.17.68.52 172.20.48.10 multiport dports 10050,10051
5 0 0 ACCEPT tcp -- * * 172.20.48.9 172.17.68.52 multiport dports 10050,10051
6 0 0 ACCEPT tcp -- * * 172.17.68.52 172.20.48.9 multiport dports 10050,10051
7 14755 6674K ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
8 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.117 multiport dports 443,1352,80,8080
9 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.19.144.215 multiport dports 443,1352,80,8080
10 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.127.11 multiport dports 443,1352,80,8080
11 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.127.12 multiport dports 443,1352,80,8080
12 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.118 multiport dports 443,1352,80,8080
13 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.126.241 multiport dports 443,1352,80,8080
14 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.10 multiport dports 443,1352,80,8080
15 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.126.242 multiport dports 443,1352,80,8080
16 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.14 multiport dports 443,1352,80,8080
17 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.19.144.227 multiport dports 443,1352,80,8080
18 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.127.195 multiport dports 443,1352,80,8080
19 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.192 multiport dports 443,1352,80,8080
20 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.127.196 multiport dports 443,1352,80,8080
21 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.193 multiport dports 443,1352,80,8080
22 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.194 multiport dports 443,1352,80,8080
23 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.21.161.40 multiport dports 443,80,8080
24 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.20.33.141 multiport dports 443,1352,80,8080
25 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.16.176.121 multiport dports 443,1352,80,8080
26 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.20.80.107 multiport dports 443,1352,80,8080
27 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.20.33.210 multiport dports 443,1352,80,8080
28 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.21.161.183 multiport dports 443,1352,80,8080
29 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.21.32.33 multiport dports 443,1352,80,8080
30 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.18.18.204 multiport dports 443,1352,80,8080
31 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.19.193.96 multiport dports 443,1352,80,8080
32 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.19.144.213 multiport dports 443,1352,80,8080
33 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.25.68.97 multiport dports 443,1352,80,8080
34 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.25.137.72 multiport dports 443,1352,80,8080
35 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.41 multiport dports 443,1352,80,8080
36 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.42 multiport dports 443,1352,80,8080
37 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.43 multiport dports 443,1352,80,8080
38 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.44 multiport dports 443,1352,80,8080
39 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.2 multiport dports 443,1352,80,8080
40 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.189 multiport dports 443,1352,80,8080
41 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.117 multiport dports 443,1352,80,8080
42 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.89 multiport dports 443,1352,80,8080
43 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.118 multiport dports 443,1352,80,8080
44 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.10 multiport dports 443,1352,80,8080
45 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.14 multiport dports 443,1352,80,8080
46 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.192 multiport dports 443,1352,80,8080
47 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.193 multiport dports 443,1352,80,8080
48 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.194 multiport dports 443,1352,80,8080
49 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.206 multiport dports 443,1352,80,8080
50 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.87 multiport dports 443,1352,80,8080
51 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.45 multiport dports 443,1352,80,8080
52 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.46 multiport dports 443,1352,80,8080
53 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.47 multiport dports 443,1352,80,8080
54 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.48 multiport dports 443,1352,80,8080
55 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.125.239 multiport dports 443,1352,80,8080
56 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.125.240 multiport dports 443,1352,80,8080
57 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.125.241 multiport dports 443,1352,80,8080
58 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.125.242 multiport dports 443,1352,80,8080
59 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.127.195 multiport dports 443,1352,80,8080
60 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.125.7 multiport dports 443,1352,80,8080
61 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.125.8 multiport dports 443,1352,80,8080
62 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.245.23 multiport dports 443,1352,80,8080
63 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.21.161.162 multiport dports 443,1352
64 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.20.80.243 multiport dports 443,1352
65 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.19.48.82 multiport dports 443,1352
66 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.18.18.161 multiport dports 443,1352
67 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.19.22.163 multiport dports 443,1352
68 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.113 multiport dports 443,1352
69 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.50.4.57 multiport dports 443,1352
70 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.51.5.52 multiport dports 443,1352
71 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.51.5.42 multiport dports 443,1352
72 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.20.32.90 multiport dports 443,80
73 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.164.89 multiport dports 443,80
74 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.221 multiport dports 443,80
75 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.88.237 multiport dports 9524,80,135
76 0 0 ACCEPT tcp -- * * 172.17.88.237 172.20.48.0/24 multiport dports 9524,80,135
77 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.222 multiport dports 443,80
78 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.25.136.203 multiport dports 443,80
79 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.160 multiport dports 443,80
80 0 0 ACCEPT all -- * * 172.20.48.0/24 172.17.92.60
81 0 0 ACCEPT all -- * * 172.20.48.0/24 172.17.166.130
82 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.112 multiport dports 443,1533,80,8080
83 0 0 ACCEPT all -- * * 172.20.48.0/24 172.25.136.203
84 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.25.136.203 multiport dports 443,80
85 0 0 ACCEPT all -- * * 172.20.48.0/24 210.210.25.111
86 0 0 ACCEPT all -- * * 172.20.48.0/24 172.17.9.80
87 0 0 ACCEPT udp -- * * 172.20.48.0/24 172.17.112.0/21 udp dpt:53
88 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.112.0/21 multiport dports 443,9000
89 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.164.122 tcp dpt:443
90 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.112.0/21 multiport dports 443,80,8000
91 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.164.152 tcp dpt:443
92 0 0 ACCEPT all -- * * 172.20.48.0/24 172.17.164.199
93 0 0 ACCEPT all -- * * 172.20.48.0/24 172.17.126.102
94 0 0 ACCEPT all -- * * 172.20.48.0/24 172.17.164.239
95 0 0 ACCEPT all -- * * 172.20.48.0/24 172.17.9.103
96 0 0 ACCEPT all -- * * 172.20.48.0/24 172.17.126.114
97 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.164.85 tcp dpt:443
98 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.167.202 tcp dpt:443
99 0 0 ACCEPT all -- * * 172.20.48.0/24 172.17.120.119
100 0 0 ACCEPT all -- * * 172.20.48.0/24 172.17.164.198
101 0 0 ACCEPT all -- * * 172.20.48.0/24 172.17.125.250
102 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.164.155 tcp dpt:443
103 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.165.177 tcp dpt:443
104 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.243.11 tcp dpt:443
105 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.117.125 tcp dpt:443
106 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.166.132 tcp dpt:443
107 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.117.122 tcp dpt:443
108 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.173 tcp dpt:8080
109 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.217 tcp dpt:8080
110 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.33 tcp dpt:8080
111 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.31 tcp dpt:8080
112 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.32 tcp dpt:8080
113 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.22 tcp dpt:8080
114 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.19.144.174 tcp dpt:8080
115 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.20.12.170 tcp dpt:8080
116 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.123.19 tcp dpt:8080
117 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.166.230 tcp dpt:443
118 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.19.144.172 tcp dpt:15871
119 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.19.144.173 tcp dpt:15871
120 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.21.161.170 tcp dpt:8080
121 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.242.31 multiport dports 15871,8080
122 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.242.32 multiport dports 15871,8080
123 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.242.33 multiport dports 15871,8080
124 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.126.114 tcp dpt:80
125 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.253.45 tcp dpt:80
126 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.132 multiport dports 53,443,1533
127 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.159 multiport dports 80,443,1533
128 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.165.169 tcp dpt:443
129 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.165.115 tcp dpt:443
130 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.165.229 tcp dpt:443
131 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.165.170 tcp dpt:443
132 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.164.252 tcp dpt:443
133 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.20.117.98 tcp dpt:443
134 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.96 tcp dpt:443
135 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.165.59 tcp dpt:443
136 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.164.47 tcp dpt:443
137 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.167.25 tcp dpt:443
138 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.164.43 tcp dpt:443
139 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.123.11 tcp dpt:443
140 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.127.24 multiport dports 80,443,1352
141 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.126.227 multiport dports 80,8082
142 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.47 multiport dports 80,57884,443
143 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.112 multiport dports 80,443
144 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.88.22 multiport dports 139,515,3125
145 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.92.6 multiport dports 139,515,3125
146 108 5184 ACCEPT tcp -- * * 172.20.48.0/24 172.17.93.229 multiport dports 94,139,9401,9494,9495
147 0 0 ACCEPT all -- * * 172.20.48.0/24 172.17.93.150
148 1369 55048 ACCEPT tcp -- * * 172.20.48.0/24 172.17.92.31 multiport dports 80,8443,2967
149 567 73574 ACCEPT tcp -- * * 172.20.48.0/24 172.17.10.233 tcp dpt:80
150 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.161.195 tcp dpt:80
151 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.206.61 tcp dpt:80
152 0 0 ACCEPT all -- * * 172.17.93.160 172.20.48.0/24
153 0 0 ACCEPT all -- * * 172.20.48.0/24 172.17.93.160
154 0 0 ACCEPT tcp -- * * 172.17.93.160 172.20.48.0/24 tcp dpt:5599
155 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.93.160 multiport dports 1024,1025
156 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.68 tcp dpt:1533
157 0 0 ACCEPT udp -- * * 172.20.48.0/24 172.17.9.68 udp dpt:1533
158 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.9.160 tcp dpt:5222
159 0 0 ACCEPT udp -- * * 172.20.48.0/24 172.17.9.160 udp dpt:5222
160 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.136.93 multiport dports 443,1533
161 0 0 ACCEPT udp -- * * 172.20.48.0/24 172.17.136.93 multiport dports 443,1533
162 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.90.13 tcp dpt:80
163 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.126.126 multiport dports 80,443,1352
164 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.20.95.50 multiport dports 80,8080
165 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.164.95 multiport dports 80,443
166 8479 772K ACCEPT all -- * * 172.20.48.0/24 172.17.92.1
167 5587 844K ACCEPT all -- * * 172.20.48.0/24 172.17.92.2
168 54 14764 ACCEPT all -- * * 172.20.48.0/24 172.17.9.21
169 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.88.12 multiport dports 80,443
170 0 0 ACCEPT udp -- * * 172.20.48.0/24 172.17.88.12 udp dpt:443
171 451 189K ACCEPT tcp -- * * 172.20.48.0/24 172.17.92.6 multiport dports 80,443
172 0 0 ACCEPT udp -- * * 172.20.48.0/24 172.17.92.6 udp dpt:443
173 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.92.46 tcp dpt:23
174 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.102.111 tcp dpt:23
175 0 0 ACCEPT all -- * * 172.20.48.0/24 157.227.246.102
176 0 0 ACCEPT tcp -- * * 172.20.48.0/24 172.17.93.229 multiport dports 139,9494,9495
177 2225 576K DROP all -- * * 172.20.48.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 42455 packets, 5818K bytes)
num pkts bytes target prot opt in out source destination
Chain LOG-and-ACCEPT (0 references)
num pkts bytes target prot opt in out source destination
1 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 7 prefix `Monitored Packets'
2 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOG-and-DROP (0 references)
num pkts bytes target prot opt in out source destination
1 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 7 prefix `Dropped Packets'
Command 2 : iptables -t nat -nvL --line-numbers
Code:
Chain PREROUTING (policy ACCEPT 112K packets, 21M bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DNAT all -- * * 0.0.0.0/0 172.17.93.69 to:172.20.48.12
2 0 0 DNAT all -- * * 0.0.0.0/0 172.17.93.68 to:172.20.48.10
3 0 0 DNAT all -- * * 0.0.0.0/0 172.17.93.67 to:172.20.48.9
Chain POSTROUTING (policy ACCEPT 117 packets, 9078 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 SNAT all -- * * 172.20.48.12 0.0.0.0/0 to:172.17.93.69
2 133 6384 SNAT all -- * * 172.20.48.10 0.0.0.0/0 to:172.17.93.68
3 80 4008 SNAT all -- * * 172.20.48.9 0.0.0.0/0 to:172.17.93.67
4 6608 820K SNAT all -- * eth0 172.20.48.0/24 0.0.0.0/0 to:172.17.89.92
Chain OUTPUT (policy ACCEPT 2629 packets, 210K bytes)
num pkts bytes target prot opt in out source destination
Command 3 : cat /proc/sys/net/ipv4/ip_forward
Command 4 : route -n
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.20.48.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.17.88.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
0.0.0.0 172.17.95.254 0.0.0.0 UG 0 0 0 eth0
Command 5 : ifconfig
Code:
eth0 Link encap:Ethernet HWaddr 00:12:3F:3F:D8:9A
inet addr:172.17.89.92 Bcast:172.17.95.255 Mask:255.255.248.0
inet6 addr: fe80::212:3fff:fe3f:d89a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:761801 errors:0 dropped:0 overruns:0 frame:0
TX packets:22691 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:75686268 (72.1 MiB) TX bytes:3147618 (3.0 MiB)
Interrupt:169
eth1 Link encap:Ethernet HWaddr 00:80:5F:D7:7A:F8
inet addr:172.20.48.14 Bcast:172.20.48.255 Mask:255.255.255.0
inet6 addr: fe80::280:5fff:fed7:7af8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:50893634 errors:0 dropped:0 overruns:0 frame:0
TX packets:455768 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:741797787 (707.4 MiB) TX bytes:418481541 (399.0 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:11851 errors:0 dropped:0 overruns:0 frame:0
TX packets:11851 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1103455 (1.0 MiB) TX bytes:1103455 (1.0 MiB)
Please let me know the possible cause.
Last edited by win32sux; 02-22-2011 at 04:27 AM .
Reason: Added CODE tags for readability (please use them on your own going forward).
02-22-2011, 04:46 AM
#6
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
Don't you need to set up IP aliasing for 172.17.93.67, 172.17.93.68, and 172.17.93.69 on eth0?
I don't see any of those IPs assigned to your eth0 interface in the output you posted.
Last edited by win32sux; 02-22-2011 at 03:31 PM .
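The check raised in post #6, as an added example that is not part of the thread: it lists every DNAT destination in the nat table that is not configured on any local interface, together with the rule's packet counter. The sample inputs are trimmed copies of the output posted in post #5, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is a trimmed copy of
# the "iptables -t nat -nvL --line-numbers" and "ifconfig" output in post #5.
NAT_LISTING='Chain PREROUTING (policy ACCEPT 112K packets, 21M bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DNAT all -- * * 0.0.0.0/0 172.17.93.69 to:172.20.48.12
2 0 0 DNAT all -- * * 0.0.0.0/0 172.17.93.68 to:172.20.48.10
3 0 0 DNAT all -- * * 0.0.0.0/0 172.17.93.67 to:172.20.48.9
Chain POSTROUTING (policy ACCEPT 117 packets, 9078 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 SNAT all -- * * 172.20.48.12 0.0.0.0/0 to:172.17.93.69
2 133 6384 SNAT all -- * * 172.20.48.10 0.0.0.0/0 to:172.17.93.68'

IFCONFIG_OUT='eth0 Link encap:Ethernet HWaddr 00:12:3F:3F:D8:9A
inet addr:172.17.89.92 Bcast:172.17.95.255 Mask:255.255.248.0
inet6 addr: fe80::212:3fff:fe3f:d89a/64 Scope:Link
eth1 Link encap:Ethernet HWaddr 00:80:5F:D7:7A:F8
inet addr:172.20.48.14 Bcast:172.20.48.255 Mask:255.255.255.0'

# Print every IPv4 address found in net-tools style ifconfig output ($1).
local_addrs() {
    printf '%s\n' "$1" | sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p'
}

# Print "pkts destination target-address" for each DNAT rule in PREROUTING.
# Columns: num pkts bytes target prot opt in out source destination to:ADDR
dnat_rules() {
    printf '%s\n' "$1" | awk '
        $1 == "Chain" { chain = $2; next }
        chain == "PREROUTING" && $4 == "DNAT" {
            sub(/^to:/, "", $11)
            print $2, $10, $11
        }'
}

# $1 = nat table listing, $2 = ifconfig output.
# Report DNAT destinations that no local interface owns.
unassigned_dnat() {
    addrs=$(local_addrs "$2")
    dnat_rules "$1" | while read -r pkts dst to; do
        if ! printf '%s\n' "$addrs" | grep -qxF -- "$dst"; then
            printf '%s -> %s pkts=%s\n' "$dst" "$to" "$pkts"
        fi
    done
}

unassigned_dnat "$NAT_LISTING" "$IFCONFIG_OUT"
```

An address reported here only matters if the upstream network expects the NAT host itself to answer ARP for it, rather than routing the address to the host. A `pkts` value of 0 on a DNAT rule means no connection to that address has reached the rule.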
02-24-2011, 01:08 PM
#7
Senior Member
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Looks like you are making this more complicated than it needs to be.
If you saved your rules, they should be in /etc/sysconfig/iptables.
If you haven't, then please run service iptables save to save them.
Could you post the contents of this file in between code tags?
[ code][ /code] please remove the spaces after the [.