[Wylug-help] IP alias/forward
James Holden
james at jamesholden.co.uk
Tue, 25 Feb 2003 12:31:47 -0000 (GMT)
Gary,
You don't need (want) iptables to do this. You just need to enable IP
forwarding, like so:
[root@yourbox root] # echo "1" > /proc/sys/net/ipv4/ip_forward
You'll need to point the clients on the 10.x.x.x subnet towards the IP
address of your box (10.1.0.34) so they use it as their (default) gateway.
Given that you've got the routing tables all set up anyway, ie: your box
knows how to get to each subnet, enabling packet forwarding is all you
need to do.
The command you have below is to rewrite the packets so that packets
received with a destination of 10.1.0.34 get rewritten to have a
destination address of 192.168.1.2, which isn't what you want. You just
need the packets passing, not rewriting. This technique is similar to the
technique I use to enable me to have my webserver behind my NAT box. If
you go to www.microcosmos.co.uk, the IP address you'll hit is 80.7.77.70,
but they end up at 192.168.1.250.
James
Gary Stainburn said:
> Hi folks,
>
> I have to route traffic to another network for an IP address that is
> within one of my subnets.
>
> I've created an interface eth0:0 with the address 10.1.0.34 and then
> tried to redirect the packets to the router using the following rule but
> it didn't work:
>
> eth0:0 10.1.0.34
> eth1 192.168.1.1
> Cisco router 192.168.1.2
>
> iptables -A PREROUTING -d 10.1.0.34 -j DNAT --to-destination
> 192.168.1.2
>
> Unfortunately, this simply redirect the HTTP requests for that addr to
> the cisco's http server because this rule simply changed the destination
> IP address to the cisco, then forwarded it.
>
> What I need to know, is what rule do I need to add to simply forward the
> IP packets without actually mangling them.
>
> anyone got any ideas?
> --
> Gary Stainburn
>
> This email does not contain private or confidential material as it may
> be snooped on by interested government parties for unknown
> and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
>
>
> _______________________________________________
> Wylug-help mailing list
> Wylug-help@wylug.org.uk
> http://list.wylug.org.uk/mailman/listinfo/wylug-help
--
James Holden, Leeds, United Kingdom
james-at-jamesholden-dot-co-dot-uk
http://www.microcosmos.co.uk