How to DNAT to different local IP based on what public IP was accessed with Shorewall?

Posted by mikl on Server Fault See other posts from Server Fault or by mikl
Published on 2012-06-30T00:55:43Z Indexed on 2012/06/30 3:17 UTC
Read the original article Hit count: 489

Filed under:

shorewall

|

dnat

My server has several public IPs, and is running a bunch of virtual machines with private IP adresses.

As an example, I want to map ports 80, 443 and 8080 on 232.21.23.23 (public) to 192.168.122.12 (private). I have tried a couple of different NAT mappings, but none of them seem to work:

# This doesn't work.
DNAT           net              loc:192.168.122.12  tcp  80,443,8080  -           232.21.23.23

# Neither does this.
DNAT           $FW              loc:192.168.122.12  tcp  80,443,8080  -           232.21.23.23

# Nor this.
DNAT           net:232.21.23.23 loc:192.168.122.12  tcp  80,443,8080

# I have no idea what I'm doing.
DNAT           $FW:232.21.23.23 loc:192.168.122.12  tcp  80,443,8080

Can anyone point me in the right direction?

© Server Fault or respective owner

Related posts about shorewall

Sub-process /usr/bin/dpkg returned an error code (1)

as seen on Server Fault - Search for 'Server Fault'
Hey friends i am getting the following error when i am trying to purge shorewall root@aptosid:/etc# apt-get purge shorewall Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: shorewall* 0 upgraded, 0 newly… >>> More
Why can't I unblock postgres with shorewall?

as seen on Server Fault - Search for 'Server Fault'
I can't seem to unblock the port needed for postgres using Shorewall. I am developing a PHP app on my windows machine here, and then I upload it on my linux box to actually use it. The linux box runs the php files as well as hosts the db server. Since I need it working from both machines, in my PHP… >>> More
Shorewall: temporarily drop incoming traffic except port 22?

as seen on Server Fault - Search for 'Server Fault'
When I work on configuration files, especially of the mail server, I would like to temporarily drop all the incoming traffic except the port 22. So, I don't risk to lose incoming mails if I need to move the mail server to another server, or something like that. Using shorewall, how I could do that… >>> More
shorewall masquerading from tun0 to ppp0

as seen on Server Fault - Search for 'Server Fault'
First interface is ppp0 (pptp vpn) Second inteface is tun0 (openvpn) Third interface eth0 (default gw interface) Openvpn is set to change default route on client for all packets to go through tun0 vpn, that part is working ok. I would like to make all packets from tun0 go to ppp0 and get out from… >>> More
Bridge and OpenVPN with shorewall

as seen on Server Fault - Search for 'Server Fault'
I have this scenario and everything it's working OK, but I want to configure my Shorewall and I can't do it. My interfaces are: br0 (bridge of eth0) tun0 (OpenVPN) vnet* (each one of bridged interfaces with public IP's) Public Main IP: 188.165.X.Y OpenVPN IP's: 172.28.0.x Bridge: public ip's So… >>> More

Related posts about dnat

IPtables: DNAT not working

as seen on Server Fault - Search for 'Server Fault'
In a CentOS server I have, I want to forward port 8080 to a third-party webserver. So I added this rule: iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination thirdparty_server_ip:80 But it doesn't seem to work. In an effort to debug the process, I added these two LOG rules: iptables… >>> More
How to DNAT to different local IP based on what public IP was accessed with Shorewall?

as seen on Server Fault - Search for 'Server Fault'
My server has several public IPs, and is running a bunch of virtual machines with private IP adresses. As an example, I want to map ports 80, 443 and 8080 on 232.21.23.23 (public) to 192.168.122.12 (private). I have tried a couple of different NAT mappings, but none of them seem to work: # This… >>> More
Issues with forwarding Iptables

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have some issues with my redirectioning lines on iptables, it seems it does not work, any help will be appreciated iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j SNAT --to 10.10.10.1 iptables… >>> More
DNAT to 127.0.0.1 with iptables / Destination access control for transparent SOCKS proxy

as seen on Server Fault - Search for 'Server Fault'
I have a server running on my local network that acts as a router for the computers in my network. I want to achieve now that outgoing TCP requests to certain IP addresses are tunnelled through an SSH connection, without giving the people from my network the possibility to use that SSH tunnel to connect… >>> More
Easy shorewall question : allow ips to DNAT

as seen on Server Fault - Search for 'Server Fault'
Hello, At my home network I had a transparent proxy. This is the rule that forward all 80 traffic to my squid3.1 server at DMZ DNAT loc:!10.0.0.126 dmz:172.16.0.198:3128 tcp 80 - !172.16.0.198 Ok, I need to add more ips to avoid transparent proxy. I tried loc:!10.0.0… >>> More