
Thread: IPtables and NAT

  1. #1
    Senior Member
    Join Date
    Dec 2006
    Posts
    105

    Default IPtables and NAT

    Hello,

    I would like to use BT for a test as NAT-router.

    - from BT it's possible to ping the AP and the internal machine
    - but the internal machine cannot ping the outside world


    AP/Router: 192.168.0.1

    BT/WLAN0: 192.168.0.100
    BT/eth0: 192.168.1.5

    internal machine: 192.168.1.99


    Settings on BT:
    # echo 1 > /proc/sys/net/ipv4/ip_forward
    # iptables -t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o wlan0 -j SNAT --to-source 192.168.0.100


    Question:
    What am I doing wrong?


    Thanks a lot in advance for any help :-)


    John

  2. #2
    Good friend of the forums espreto's Avatar
    Join Date
    Mar 2010
    Location
    Brazil
    Posts
    303

    Default Re: IPtables and NAT

    I do not understand your topology!
    Are you using real or virtualized machines?
    Loaded the module iptable_nat?
    Be more specific please!


    Regards,
    (gdb) disass m(y_br)ain

    ®

  3. #3
    Just burned his ISO neriberto's Avatar
    Join Date
    Nov 2010
    Location
    Limeira/SP/Brazil
    Posts
    8

    Default Re: IPtables and NAT

    I think that he is trying to use BT as a firewall and using iptables to do it, AP/router is the router of internet for BT

    try it :

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

  4. #4
    Senior Member
    Join Date
    Dec 2006
    Posts
    105

    Default Re: IPtables and NAT

    Thanks a lot espreto for the feedback!


    Quote Originally Posted by espreto View Post
    I do not understand your topology!
    Are you using real or virtualized machines?
    Regards,
    I am using real machines.

    Quote Originally Posted by espreto View Post
    I do not understand your topology!
    Regards,
    BT should be the router for the internal machines.



    Quote Originally Posted by espreto View Post
    Loaded the module iptable_nat?
    Regards,
    NO!! That I forgot. What a shame...


    After loading the module iptable_nat it's working :-) Except the machine behind the BT router needs to define the AP (AP/Router: 192.168.0.1) as its name server.
    If the IP of the internal network (BT/eth0: 192.168.1.5) is defined, name resolution does not work :-)


    Thanks a lot for your help,

    John
    Last edited by john99; 05-23-2011 at 02:01 PM. Reason: important details forgotten :-(

  5. #5
    Senior Member
    Join Date
    Dec 2006
    Posts
    105

    Default Re: IPtables and NAT

    Quote Originally Posted by neriberto View Post
    I think that he is trying to use BT as a firewall and using iptables to do it, AP/router is the router of internet for BT
    Yes neriberto :-)


    Quote Originally Posted by neriberto View Post
    try it :
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
    I am going to try that too!

    Does your iptables command make a difference when it comes to firewalling compared to my command?

    John
    Last edited by john99; 05-23-2011 at 02:13 PM. Reason: spelling error

  6. #6
    Senior Member
    Join Date
    Dec 2006
    Posts
    105

    Default Re: IPtables and NAT

    Quote Originally Posted by neriberto View Post
    try it :
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

    Surprisingly that "new" iptables command does not make any difference... BT works as NAT-router, but there is a very special thing
    I can't understand at all:

    Name resolution (DNS) (e.g. google.com) does not work on the internal machine (192.168.1.99) if the NAT-router (BT) is defined as
    nameserver (the IP address has to be defined).
    But everything (DNS-resolution) works perfectly if the WLAN AP (192.168.0.1) is defined as the nameserver!!

    Does somebody understand that?


    Thank you very much for any feedback!

    John

  7. #7
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default Re: IPtables and NAT

    Quote Originally Posted by john99 View Post
    Surprisingly that "new" iptables command does not make any difference... BT works as NAT-router, but there is a very special thing
    I can't understand at all:

    Name resolution (DNS) (e.g. google.com) does not work on the internal machine (192.168.1.99) if the NAT-router (BT) is defined as
    nameserver (the IP address has to be defined).
    But everything (DNS-resolution) works perfectly if the WLAN AP (192.168.0.1) is defined as the nameserver!!

    Does somebody understand that?


    Thank you very much for any feedback!

    John
    Just because your backtrack machine is set up as a NAT router does not mean it will act as a DNS server. If you want to be able to set the clients to use it you would need to run a DNS server on the backtrack machine. As far as I know there isn't a DNS server built into backtrack but I would not be surprised at all if I was wrong.

  8. #8
    Senior Member
    Join Date
    Dec 2006
    Posts
    105

    Default Re: IPtables and NAT

    Quote Originally Posted by Dudeman02379 View Post
    Just because your backtrack machine is set up as a NAT router does not mean it will act as a DNS server. If you want to be able to set the clients to use it you would need to run a DNS server on the backtrack machine. As far as I know there isn't a DNS server built into backtrack but I would not be surprised at all if I was wrong.

    Thanks a lot Dudeman02379 for the interesting feedback! As I understand you, there is no other way than to set up a DNS server on the NAT router in order to have the DNS resolution working for the clients in the 192.168.1.0 net.

    I hoped that this could be achieved as well with the iptables command :-(



    Thanks!

    John

  9. #9
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default Re: IPtables and NAT

    Quote Originally Posted by john99 View Post
    Thanks a lot Dudeman02379 for the interesting feedback! As I understand you, there is no other way than to set up a DNS server on the NAT router in order to have the DNS resolution working for the clients in the 192.168.1.0 net.

    I hoped that this could be achieved as well with the iptables command :-(



    Thanks!

    John
    If the clients on the 192.168.1.0 subnet used an internet DNS server that would also work. Maybe there is a way to forward all DNS requests to an internet DNS server using iptables but you would need to do a little research. Here are some public DNS servers they could use http://theos.in/windows-xp/free-fast...s-server-list/

    EDIT: Maybe something like this? Untested
    iptables -t nat -I PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to 4.2.2.2
    Last edited by Dudeman02379; 07-05-2011 at 03:23 PM.

  10. #10
    Senior Member
    Join Date
    Dec 2006
    Posts
    105

    Default Re: IPtables and NAT

    Quote Originally Posted by Dudeman02379 View Post

    EDIT: Maybe something like this? Untested
    iptables -t nat -I PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to 4.2.2.2
    Thanks a lot for the help! Unfortunately the command # iptables -t nat -I PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to 192.168.0.100
    does not solve the DNS problem, instead the clients in the 192.168.1.0 net are not even able to ping the WLAN AP at 192.168.0.1
    anymore :-(

    I am probably going to try Dnsmasq as well...

    John
    Last edited by john99; 07-07-2011 at 01:45 PM.
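
Added example, not part of any post in this thread: the pieces discussed above (loading iptable_nat, forwarding, source NAT, and redirecting DNS queries from the LAN) collected into one reviewable rule set. Interface names and addresses are the ones posted in the thread; using the AP at 192.168.0.1 as the resolver, the FORWARD rules and the function name `nat_router_rules` are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints the NAT-router rule set by default; run with the
# argument "apply" (as root) to execute it.

LAN_IF=eth0            # BT side facing the internal machine (192.168.1.5)
WAN_IF=wlan0           # BT side facing the AP (192.168.0.100)
LAN_NET=192.168.1.0/24
WAN_IP=192.168.0.100
RESOLVER=192.168.0.1   # assumption: the AP answers DNS, as reported in the thread

# Emit one command per line so the rules can be reviewed before they are applied.
nat_router_rules() {
    echo "modprobe iptable_nat"
    echo "sysctl -w net.ipv4.ip_forward=1"
    # SNAT pins a fixed source address; MASQUERADE instead looks up the address
    # of the outgoing interface per connection, which suits a DHCP uplink.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $WAN_IP"
    # Clients that use the router's LAN address as nameserver: rewrite the
    # destination in PREROUTING so the query is forwarded to a real resolver
    # instead of being delivered to a local port 53 where nothing listens.
    # DNS uses TCP as well as UDP, so both are redirected.
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -p $proto --dport 53 -j DNAT --to-destination $RESOLVER:53"
    done
    # Forward only LAN-initiated traffic and the replies that belong to it.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -P FORWARD DROP"
}

if [ "${1:-}" = "apply" ]; then
    nat_router_rules | sh -e    # stop at the first command that fails
else
    nat_router_rules            # dry run: show what would be executed
fi
```

Connection tracking reverses both translations on the reply, so the client sees the DNS answer coming from the address it queried.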
