
Using iptables to map an internal address to an external one


I’m messing around with virtualisation at the moment and ran into a sticky one with networking.

My hosting provider will allow me multiple IP addresses but won’t permit bridging – basically fake MAC addresses are a no-no, the switch automatically disconnects the server if it detects an invalid MAC address. This is to prevent abuse (spoofing etc.) but also means no bridging of virtual machines.

The alternative is to have a private bridge, but how to allow free access from an external IP to an internal one?

I found various solutions to this, but not all did what I wanted. For example, some routed things so that anything coming in on the interface with the external IP would get mapped to the private – not good if you have multiple IP addresses through virtual interfaces (eth0:1 etc.) as iptables doesn’t recognise the difference.

So let’s say you have internal address 192.168.0.1 that you want to map to an external address, let’s say 72.120.38.100.

Use the following:

iptables -t nat -A PREROUTING -d 72.120.38.100 -j DNAT --to-destination 192.168.0.1
iptables -t nat -A POSTROUTING -s 192.168.0.1 -j SNAT --to-source 72.120.38.100

Yes, it really is that easy – assuming nothing else in iptables is sending things awry!
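
The two rules above forward every port on the external address to the internal host. The script below is an added example, not part of the original post: it applies the same pair idempotently, enables IP forwarding, and adds a FORWARD allow-list for when less than free access is wanted. The port list, the APPLY switch and the helper names (run, ensure, nat_1to1) are assumptions.

```sh
#!/bin/sh
# Added example: the article's 1:1 NAT pair plus a FORWARD allow-list.
# Dry run by default (prints commands); set APPLY=1 as root to execute.
EXT=72.120.38.100       # external address from the article
INT=192.168.0.1         # internal address from the article
TCP_PORTS=22,80,443     # assumed policy: inbound services to expose

# Run a command, or just print it when APPLY is not 1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Append a rule unless an identical one already exists (iptables -C).
ensure() {
    table=$1; shift
    if [ "${APPLY:-0}" = 1 ] && iptables -t "$table" -C "$@" 2>/dev/null; then
        return 0
    fi
    run iptables -t "$table" -A "$@"
}

nat_1to1() {
    ext=$1; int=$2; ports=$3
    # The host must route between the public NIC and the private bridge.
    run sysctl -w net.ipv4.ip_forward=1
    # The article's rules: match on address, so other alias IPs are untouched.
    ensure nat PREROUTING -d "$ext" -j DNAT --to-destination "$int"
    ensure nat POSTROUTING -s "$int" -j SNAT --to-source "$ext"
    # DNAT runs before FORWARD, so filter rules see the internal address.
    ensure filter FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ensure filter FORWARD -d "$int" -p tcp -m multiport --dports "$ports" \
        -m conntrack --ctstate NEW -j ACCEPT
    ensure filter FORWARD -s "$int" -m conntrack --ctstate NEW -j ACCEPT
    ensure filter FORWARD -d "$int" -j DROP
}

nat_1to1 "$EXT" "$INT" "$TCP_PORTS"
```

Rules are appended, so anything already in the FORWARD chain is evaluated first; check the result with iptables -S FORWARD and iptables -t nat -S.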
