
I have an Ubuntu machine at IP 192.168.3.1; another machine is connected to it at the fixed IP 192.168.3.2. This machine is also connected to a router over usb0, which has shared the IP 172.30.220.17 with the machine.

diagram of my setup here

What I want to do is forward any TCP or UDP packet received by this machine on the 192.168.3.1 IP towards 172.30.220.19 from the router, and vice versa.

For example, if the machine at 192.168.3.2 sends a "Hello" TCP packet on port 33000 towards the main computer, it should send the packet to 172.30.220.19:33000.

After reading the iptables documentation and a few former questions, I tried the commands below for NAT, but it doesn't work and I don't know why. I would be glad if anyone could direct me as to what I've done wrong. Thanks for your time.

sudo iptables -t nat -A PREROUTING -p tcp -j DNAT --to-destination 172.30.220.19
sudo iptables -t nat -A POSTROUTING -p tcp -d 172.30.220.19  -j SNAT --to-source 192.168.3.2

2 Answers


What you're describing sounds like you're setting up a network gateway/router. Here's what you need to do that.

In the example, public_nic is the name of the NIC with the IP address 172.30.220.17 and gateway_nic is the NIC with the IP address 192.168.3.1. I am assuming that both of those NICs are in the same machine.

1) Enable IP Forwarding

You have to make sure you enable IP forwarding.

To enable it temporarily, you can run this:

sudo sysctl -w net.ipv4.ip_forward=1

To enable it permanently, you can edit /etc/sysctl.conf and add the following line:

net.ipv4.ip_forward = 1

Then run this to apply the changes (only required if you went the route of modifying the sysctl config file):

sudo sysctl -p

2) Setup masquerading

This will make all the packets look like they're coming from the public IP, or in this case your 172.30.220.19 address, not the private IP of the originating host.

iptables -t nat -A POSTROUTING -o ${public_nic} -j MASQUERADE

3) Set up your forwarding rules

iptables -A FORWARD -i ${gateway_nic} -o ${public_nic} -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i ${public_nic} -o ${gateway_nic} -j ACCEPT

4) Configure routing

You'll need to make sure that the device on your internal network that you want forwarded out (192.168.3.2) uses the ${gateway_nic} IP as the default gateway; in your case, 192.168.3.1.


This script is what finally got it working for me for my scenario. usb0 is the interface name for the 172.30.220.17 subnetwork and end0 is the interface name for the 192.168.3.1 subnetwork on the main machine.

#!/bin/sh

# turn on forwarding between interfaces for this boot
echo 1 > /proc/sys/net/ipv4/ip_forward

# start from empty filter and nat tables, and drop any user-defined chains
iptables -F
iptables -t nat -F
iptables -X

# hide traffic leaving on either interface behind that interface's address
iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o end0 -j MASQUERADE

# TCP arriving for 192.168.3.1 is rewritten to 172.30.220.19 and allowed through
iptables -t nat -A PREROUTING -p tcp -d 192.168.3.1  -j DNAT --to 172.30.220.19
iptables -A FORWARD -p tcp -d 172.30.220.19  -j ACCEPT

# and the reverse direction: TCP arriving for 172.30.220.17 goes to 192.168.3.2
iptables -t nat -A PREROUTING -p tcp -d 172.30.220.17  -j DNAT --to 192.168.3.2
iptables -A FORWARD -p tcp -d 192.168.3.2  -j ACCEPT
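As an added example (not code from the question or either answer), the same two-way forwarding written so that it only matches the one inner host and the port 33000 example from the question, covers UDP as well as TCP, leaves the FORWARD chain at DROP for everything else, and can be re-run without stacking duplicate rules. It assumes the interface names from the script above (end0 and usb0); with DRY_RUN=1, the default, it prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the question or either answer. Assumes end0 is
# the 192.168.3.1 side and usb0 the 172.30.220.17 side, and narrows the
# forwarding to one inner host and the example port 33000 instead of every
# TCP packet the box sees. DRY_RUN=1 (default) prints instead of executing.
GATEWAY_NIC=${GATEWAY_NIC:-end0}
PUBLIC_NIC=${PUBLIC_NIC:-usb0}
GATEWAY_IP=192.168.3.1      # address of this box on the inner network
PUBLIC_IP=172.30.220.17     # address the router handed this box on usb0
INNER_HOST=192.168.3.2      # the host whose traffic is forwarded
TARGET=172.30.220.19        # where it is forwarded to, behind the router
PORT=${PORT:-33000}
DRY_RUN=${DRY_RUN:-1}

run() {  # print the command in dry-run mode, otherwise execute it
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

ipt() {  # append an iptables rule only if -C says it is not there yet,
         # so re-running the script never stacks duplicate rules
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; return 0; fi
    iptables $(printf ' %s' "$@" | sed 's/ -A / -C /') 2>/dev/null || iptables "$@"
}

build_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    # only the flows below may cross the box; nothing else is forwarded
    run iptables -P FORWARD DROP
    ipt -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    for proto in tcp udp; do
        # inner host -> gateway:PORT becomes inner host -> TARGET:PORT
        ipt -t nat -A PREROUTING -i "$GATEWAY_NIC" -s "$INNER_HOST" -d "$GATEWAY_IP" \
            -p "$proto" --dport "$PORT" -j DNAT --to-destination "$TARGET"
        # TARGET -> public address:PORT becomes TARGET -> inner host:PORT
        ipt -t nat -A PREROUTING -i "$PUBLIC_NIC" -s "$TARGET" -d "$PUBLIC_IP" \
            -p "$proto" --dport "$PORT" -j DNAT --to-destination "$INNER_HOST"
        # FORWARD sees the rewritten destination; only DNATed flows pass
        ipt -A FORWARD -i "$GATEWAY_NIC" -o "$PUBLIC_NIC" -d "$TARGET" \
            -p "$proto" --dport "$PORT" -m conntrack --ctstate DNAT -j ACCEPT
        ipt -A FORWARD -i "$PUBLIC_NIC" -o "$GATEWAY_NIC" -d "$INNER_HOST" \
            -p "$proto" --dport "$PORT" -m conntrack --ctstate DNAT -j ACCEPT
    done
    # each private side is hidden behind the address of the egress NIC
    ipt -t nat -A POSTROUTING -o "$PUBLIC_NIC" -j MASQUERADE
    ipt -t nat -A POSTROUTING -o "$GATEWAY_NIC" -j MASQUERADE
}

build_rules
```

Run it as root with DRY_RUN=0 to apply the rules; iptables -t nat -L -n -v and iptables -L FORWARD -n -v then show the packet counters climbing only on the rules that match the expected flows.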
