yet another iptables alias question

cmaurand · n00b Joined: 21 Dec 2004 Posts: 42 Location: Biddeford, ME

I've looked at all of the stuff in the forums and I can't seem to find anything that quite matches what I got going on.
IPTABLES=/sbin/iptables
eth0 = nnn.nnn.nnn.202
eth0:1 = nnn.nnn.nnn.203
eth1 = 192.168.1.9
EXTIP=nnn.nnn.nnn.202
ALIASIP_1=nnn.nnn.nnn.203
INTIP=192.168.1.9

I have the normal network setup. The internal net is 192.168.1.0/24. I am the default gateway. I have a particular machine that needs ipsec portforwarded to it (thats another story). Packets arriving on the primary address are handled properly. packets arriving on the secondary address are getting refused.

I have the following rules:

$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -A INPUT -d $ALIASIP_1 -j ACCEPT
$IPTABLES -A FORWARD -s $INT_NET -d 0/0 -j ACCEPT

$IPTABLES -A POSTROUTING -t nat -s 192.168.1.12 -d 0/0 -j SNAT \
--to-source $ALIASIP_1
$IPTABLES -A POSTROUTING -t nat -s $INT_NET -d 0/0 -j SNAT \
--to-source $EXTIP

$IPTABLES -A PREROUTING -t nat -i eth0 -d $ALIASIP_1 -p tcp --dport 80 -j DNAT
--to-destination 192.168.1.12:80
$IPTABLES -A PREROUTING -t nat -i eth0 -d $EXTIP -p tcp --dport 80 -j DNAT
--to-destination 192.168.1.5:80

Anyone have any ideas what's going on here. This looks like it should work.

Curtis
_________________
Curtis

expat_iain · Guru Joined: 09 Jan 2004 Posts: 361 Location: Malta GC

What does the output of the following show:

Mroofka · Guru Joined: 25 Jan 2005 Posts: 369 Location: Poland

i won't show anything. should be:

cmaurand · n00b Joined: 21 Dec 2004 Posts: 42 Location: Biddeford, ME

iptables -L -nv produces:

Chain INPUT (policy ACCEPT 2765K packets, 1544M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 209.113.245.203

Chain FORWARD (policy ACCEPT 13M packets, 14G bytes)
pkts bytes target prot opt in out source destination
405K 43M ACCEPT all -- * * 192.168.1.0/24 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 2002K packets, 1473M bytes)
pkts bytes target prot opt in out source destination

iptables -t nat -L -nv produces:

Chain PREROUTING (policy ACCEPT 830K packets, 68M bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 209.133.245.203 tcp dpt:80 to:192.168.1.12:80
0 0 DNAT udp -- eth0 * 0.0.0.0/0 209.133.245.203 udp dpt:500 to:192.168.1.12:500
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 209.133.245.203 tcp dpt:1723 to:192.168.1.12:1723
0 0 DNAT udp -- eth0 * 0.0.0.0/0 209.133.245.203 udp dpt:4500 to:192.168.1.12:4500
0 0 DNAT icmp -- eth0 * 0.0.0.0/0 209.133.245.203 to:192.168.1.12
1 60 DNAT tcp -- eth0 * 0.0.0.0/0 209.113.245.202 tcp dpt:80 to:192.168.1.5:80
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 209.113.245.202 tcp dpt:3389 to:192.168.1.1:3389
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 209.113.245.202 tcp dpt:5000 to:192.168.1.125:5000
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 209.113.245.202 tcp dpt:3395 to:192.168.1.107:3395
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 209.113.245.202 tcp dpt:3399 to:192.168.1.186:3399

Chain POSTROUTING (policy ACCEPT 28844 packets, 1907K bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- * * 192.168.1.12 0.0.0.0/0 to:209.133.245.203
13038 715K SNAT all -- * * 192.168.1.0/24 0.0.0.0/0 to:209.113.245.202

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
_________________
Curtis