There is a router, 192.168.1.1, and the Internet comes in to it. On the router, port 6666 is forwarded to a server running Ubuntu (192.168.1.2, interface eth0). There is also a second interface, eth1, which is connected to the server (the server's IP address in this network is 10.10.10.2, the default gateway is 10.10.10.1). Through this network, a computer in a third network is reachable at 192.168.100.1:6666.
Task: configure iptables on Ubuntu so that users on the Internet can reach 192.168.100.1 via port 6666.
Forwarding is enabled.
I can't understand how to properly write the following logic (if it is correct at all):
- Redirect packets from eth0 to eth1 if they match 192.168.1.2:6666.
- Redirect packets from 10.10.10.2 (eth1) to the IP address available through this network, 192.168.100.1:6666.
Answer 1, Authority 100%
On the Ubuntu server, specify the route to 192.168.100.1:
ip route add 192.168.100.1 via 10.10.10.1
Change the destination in the packets to 192.168.100.1:
iptables --table nat --insert PREROUTING \
--proto tcp --dport 6666 --jump DNAT --to-destination 192.168.100.1:6666
iptables --table nat --insert PREROUTING \
--proto udp --dport 6666 --jump DNAT --to-destination 192.168.100.1:6666
If the router 192.168.0.1 does not have masquerade, then:
iptables --table nat --insert POSTROUTING --jump MASQUERADE
It should, in theory, work.
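
An added example, not part of the answer above: the same forward written as an iptables-restore ruleset scoped to the one flow, so the DNAT applies only to traffic arriving on eth0 for 192.168.1.2:6666 and the masquerade only to that flow leaving eth1. The addresses and interfaces are the ones from the question; the variable names, the FORWARD rules and the script name in the comments are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the port 6666 forward.
# Check, then apply (hypothetical script name, run as root):
#   sh forward-6666.sh | iptables-restore --noflush --test
#   sh forward-6666.sh | iptables-restore --noflush

WAN_IF=eth0              # side facing the router 192.168.1.1
LAN_IF=eth1              # side facing the gateway 10.10.10.1
LISTEN_IP=192.168.1.2    # address the router forwards port 6666 to
TARGET_IP=192.168.100.1  # host in the third network
PORT=6666

gen_rules() {
    echo "*nat"
    for proto in tcp udp; do
        # Rewrite only what arrives on eth0 for 192.168.1.2:6666,
        # not every packet with destination port 6666.
        echo "-A PREROUTING -i $WAN_IF -d $LISTEN_IP -p $proto --dport $PORT -j DNAT --to-destination $TARGET_IP:$PORT"
        # Source-NAT only this flow. Drop this rule if replies from
        # 192.168.100.1 already route back through 10.10.10.2; the target
        # then sees real client addresses instead of 10.10.10.2.
        echo "-A POSTROUTING -o $LAN_IF -d $TARGET_IP -p $proto --dport $PORT -j MASQUERADE"
    done
    echo "COMMIT"
    echo "*filter"
    for proto in tcp udp; do
        # These ACCEPT rules only matter when the FORWARD policy is DROP.
        echo "-A FORWARD -i $WAN_IF -o $LAN_IF -d $TARGET_IP -p $proto --dport $PORT -j ACCEPT"
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $TARGET_IP -p $proto --sport $PORT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
    echo "COMMIT"
}

gen_rules
```

With `--noflush` the rules are appended to what is already loaded, so rules applied earlier from the commands above should be removed first to avoid the broad ones still matching.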