Make WAN address always respond as such (iptables rules?)

Andrew Jorgensen andrew.jorgensen at gmail.com
Tue Jan 23 14:51:53 MST 2007


On 1/23/07, Nicholas Leippe <nick at leippe.com> wrote:
> You'll need both a DNAT and a SNAT rule if you don't want to do an internal
> zone in your DNS.  See:
>
> http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-10.html

Thanks for this, Nicholas. I think it's almost what I'm looking for,
but if I'm reading it correctly the example is just forwarding the LAN
port 80 to the internal web server as well.  I want it to do that only
if the destination address is the external address.

I suppose one of my problems is going to be that I don't know my
external address until after DHCP is up, but it wouldn't be a big deal
to have something run as a DHCP change hook.

And here's the example for others reading:
# iptables -t nat -A POSTROUTING -d 192.168.1.1 -s 192.168.1.0/24 \
        -p tcp --dport 80 -j SNAT --to 192.168.1.250
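
One way to write the DHCP change hook described in the message above, as an added example that is not part of the original post or the NAT HOWTO: the DNAT rule matches only packets addressed to the external address and is paired with the SNAT rule quoted above. The chain names HAIRPIN_PRE and HAIRPIN_POST, the function names, the IPT variable and the WAN address 203.0.113.10 are assumptions.

```shell
#!/bin/sh
# Added example: hairpin NAT keyed on the WAN address, refreshed per DHCP lease.
# HAIRPIN_PRE / HAIRPIN_POST and the function names are hypothetical.
# One-time setup at boot (not repeated on lease changes):
#   iptables -t nat -N HAIRPIN_PRE;  iptables -t nat -A PREROUTING  -j HAIRPIN_PRE
#   iptables -t nat -N HAIRPIN_POST; iptables -t nat -A POSTROUTING -j HAIRPIN_POST

# Dry run by default: commands are printed. Set IPT=iptables to apply them.
IPT=${IPT:-echo iptables}

# Succeed only for a dotted-quad IPv4 address with each octet in 0-255.
# The address comes from the DHCP server, so treat it as untrusted input.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Args: WAN_IP LAN_NET(CIDR) SERVER_IP ROUTER_LAN_IP PORT
hairpin_rules() {
    wan=$1 lan=$2 server=$3 router=$4 port=$5
    valid_ipv4 "$wan" && valid_ipv4 "${lan%/*}" || return 1
    valid_ipv4 "$server" && valid_ipv4 "$router" || return 1
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    # Flush so a renewal with a new address replaces the old rules.
    $IPT -t nat -F HAIRPIN_PRE
    $IPT -t nat -F HAIRPIN_POST
    # DNAT only packets addressed to the WAN IP; other port-80 traffic
    # leaving the LAN is untouched.
    $IPT -t nat -A HAIRPIN_PRE -d "$wan" -p tcp --dport "$port" \
        -j DNAT --to-destination "$server:$port"
    # SNAT LAN clients so the server's replies return through the router.
    $IPT -t nat -A HAIRPIN_POST -s "$lan" -d "$server" -p tcp \
        --dport "$port" -j SNAT --to-source "$router"
}

# Constructed values: 203.0.113.10 stands in for the leased WAN address;
# the LAN values match the example quoted in the post.
hairpin_rules 203.0.113.10 192.168.1.0/24 192.168.1.1 192.168.1.250 80
```

The hook would call `hairpin_rules` with the newly leased address in place of 203.0.113.10; how the DHCP client passes that address to its hook depends on the client in use.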


