Monday, July 14, 2008

Iptables: DNAT

DNAT stands for Destination NAT. It is one type of NAT; the other is SNAT, which stands for Source NAT. What's the difference, I hear you ask. Good question! :) DNAT rewrites the destination address (and optionally the port) of matching packets; SNAT rewrites their source. Last week, my boss asked me to make an internal system accessible from the public Internet.

Let's say my internal system server's IP is 192.168.2.123 and the system is web-based (port 80). It sits behind a firewall that has a public IP, say 203.0.113.10 (an address from the documentation range, used here as a placeholder). To reach the internal system from the Internet, clients connect to the firewall's public address and the firewall passes the traffic on to the internal server.

Internet ----> Firewall ----> Internal system

I want any packet arriving at the firewall on port 3256 to be NAT'ed to the internal server on port 80. So the DNAT rule on the firewall is:

iptables -t nat -I PREROUTING ! -s 192.168.2.0/24 -p tcp --dport 3256 -j DNAT --to-destination 192.168.2.123:80
(The negation goes before the option: newer iptables releases reject the old "-s ! 192.168.2.0/24" spelling.)

There you go. Any packet arriving at the firewall on port 3256 from outside the LAN is now rewritten to 192.168.2.123:80. Note that the DNAT rule alone is not enough: the translated packet is routed, not delivered locally, so net.ipv4.ip_forward must be 1 and the FORWARD chain must accept it, and the internal server has to send its replies back through the firewall (its default gateway) so that the reply is un-NAT'ed on the way out. There are other ways to achieve this with other tools, xinetd for example, but I leave that as an exercise for the reader. :)
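The complete ruleset behind the one-liner above, as an added example that is not code from the original post. It generates the nat and filter rules as an iptables-restore fragment so they can be reviewed before being loaded, and adds the pieces the single DNAT rule leaves out: the FORWARD rules, IP forwarding, and a hairpin masquerade for LAN clients that use the public address. All values are assumptions matching the scenario above (public IP 203.0.113.10, port 3256, internal server 192.168.2.123:80, LAN 192.168.2.0/24); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original post: the full ruleset a DNAT
# port-forward needs on the firewall, emitted in iptables-restore format.
# Assumed values (not from the post): public IP 203.0.113.10, forwarded
# port 3256, internal web server 192.168.2.123:80, LAN 192.168.2.0/24.
set -eu

# Print the nat and filter rules for forwarding PUB_IP:PUB_PORT to
# INT_IP:INT_PORT. Matching on the firewall's own public address (-d)
# instead of only "! -s LAN" means the rule never rewrites packets that
# are merely being routed through the box to some other host on that port.
gen_dnat_rules() {
    pub_ip=$1; pub_port=$2; int_ip=$3; int_port=$4; lan=$5
    cat <<EOF
*nat
# Public clients: rewrite the destination before the routing decision.
-A PREROUTING -d $pub_ip -p tcp --dport $pub_port -j DNAT --to-destination $int_ip:$int_port
# Hairpin: a LAN client using the public address is DNAT'ed by the rule
# above too, but the server would answer it directly on the LAN and the
# reply would never be un-NAT'ed. Masquerading the source of DNAT'ed
# flows forces the reply back through the firewall (the server then sees
# the firewall's LAN address instead of the client's).
-A POSTROUTING -s $lan -d $int_ip -p tcp --dport $int_port -m conntrack --ctstate DNAT -j MASQUERADE
COMMIT
*filter
# A DNAT'ed packet is routed onward, so it traverses FORWARD, not INPUT.
# With a DROP policy on FORWARD these two rules are what lets it pass.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d $int_ip -p tcp --dport $int_port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Load the rules without flushing existing chains. Requires root. Routing
# must be enabled or the kernel drops the translated packets; the internal
# server must also use the firewall as its default gateway so replies from
# public clients come back through the NAT table.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1
    gen_dnat_rules "$@" | iptables-restore --noflush
}

# Verify the mapping after loading: per-rule counters show whether the
# DNAT rule is being hit, and conntrack (from conntrack-tools, optional)
# lists the translated flows whose original destination port is $1.
show_state() {
    iptables -t nat -L PREROUTING -n -v --line-numbers
    conntrack -L -p tcp --dport "$1" 2>/dev/null || true
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules 203.0.113.10 3256 192.168.2.123 80 192.168.2.0/24
    show_state 3256
else
    gen_dnat_rules 203.0.113.10 3256 192.168.2.123 80 192.168.2.0/24
fi
```

Run it without arguments to print the ruleset for review; run it as root with --apply to load the rules and show the resulting NAT table and connection-tracking entries. The hairpin MASQUERADE is only needed if LAN clients will also use the public address; drop it if you would rather keep the real client address in the server's logs.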


2 comments:

Unknown said...

Hello,

I'm Susan, of the TechnoSnack's team and I wish to inform you that we are opening a new blog aggregator about Computers & Internet news.
We put it on-line some hours ago and the link is: http://www.technosnack.com.

The main objective of this project is creation of a "virtual dashboard" of posts coming from many specialized blog and information about Computers & Internet world, with news about Linux, Windows, Mac, Open sources, Security, Graphics, Symbian and more on...

The key feature is that news come directly from blogosphere. We wish to show a preview of posts, with a link "Read more..." to signed blogs. If users are interested in news, they are redirected to your blog and can read entire post directly from your blog!

So, the different signed blogs can increase their visibility and reach more visitors, all over the world!

We think that in a little time it can send more visitors to registered blogs, contributing to the diffusion of know-how about the Computer and Technology world.

I visited your blog and I think it has very interesting and useful posts!

So, are you interested in this idea, with your blog?
If yes, then you can register your blog, using the specific "Registration Form"!

REGISTRATION IS ABSOLUTELY FREE!

The only thing we ask to you is to insert TechnoSNACK banner in your blog to promote this project. Or, if you prefer, you can insert a link in your blogroll.

If you like (we would be happy, but it is not mandatory :-), you can write a post regarding the TechnoSNACK project in your blog, to promote this idea.

Bye!
Susan - TechnoSnack's Team

Zamri said...

I've already sent the registration form. And you can see the banner on the right of this blog.

Thanks.