https://community.hpe.com/t5/operating-system-linux/iptables-dnat/m-p/4954153#M46654 I have a multihomed linux 2.6 machine running iptables 1.2.11 which I use as my router.<BR /><BR />There is my network configuration:<BR />Test1 -(subnet_1)- eth0 Linux_Router_with_Nat eth2 -(subnet_2)- Cisco_Router -(subnet_3)- Test2<BR /><BR />I wish to do DNAT on Linux Router so that any traffic arriving on the IP_from_subnet_2 are automatically redirected to the Test1.<BR /><BR />I've added the following rule:<BR />iptables -t nat -A PREROUTING -d <IP_FROM_SUBNET_2> -i eth2 -j DNAT --to-destination <IP_TEST1><BR /><BR />I have a default policy of ACCEPT in my FORWARD and INPUT chains.<BR /><BR />Now all packets from the subnet_2 are redirected to Test1.<BR /><BR />But I have problem with subnet_3. Test1 does not receive any packets from this subnet.<BR /> <BR />"pkts" and "bytes" columns increasing in "iptables -L -n -v -t nat" output when I attempt to make connection to Test1 from Test2 but "forward" chain is empty; seems DNAT packets not getting to FORWARD chain. <BR /><BR />Tell anyone tell me why I can not get this working from subnet_3?<BR /><BR />Thanks in advance,<BR />Sergejs</IP_TEST1></IP_FROM_SUBNET_2> Mon, 23 Jan 2006 08:48:47 GMT Sergejs Svitnevs 2006-01-23T08:48:47Z https://community.hpe.com/t5/operating-system-linux/iptables-dnat/m-p/4954153#M46654 I have a multihomed linux 2.6 machine running iptables 1.2.11 which I use as my router.<BR /><BR />There is my network configuration:<BR />Test1 -(subnet_1)- eth0 Linux_Router_with_Nat eth2 -(subnet_2)- Cisco_Router -(subnet_3)- Test2<BR /><BR />I wish to do DNAT on Linux Router so that any traffic arriving on the IP_from_subnet_2 are automatically redirected to the Test1.<BR /><BR />I've added the following rule:<BR />iptables -t nat -A PREROUTING -d <IP_FROM_SUBNET_2> -i eth2 -j DNAT --to-destination <IP_TEST1><BR /><BR />I have a default policy of ACCEPT in my FORWARD and INPUT chains.<BR /><BR />Now all packets from the subnet_2 are redirected to Test1.<BR /><BR />But I have problem with subnet_3. Test1 does not receive any packets from this subnet.<BR /> <BR />"pkts" and "bytes" columns increasing in "iptables -L -n -v -t nat" output when I attempt to make connection to Test1 from Test2 but "forward" chain is empty; seems DNAT packets not getting to FORWARD chain. <BR /><BR />Tell anyone tell me why I can not get this working from subnet_3?<BR /><BR />Thanks in advance,<BR />Sergejs</IP_TEST1></IP_FROM_SUBNET_2> Mon, 23 Jan 2006 08:48:47 GMT https://community.hpe.com/t5/operating-system-linux/iptables-dnat/m-p/4954153#M46654 Sergejs Svitnevs 2006-01-23T08:48:47Z https://community.hpe.com/t5/operating-system-linux/iptables-dnat/m-p/4954154#M46655 Just checking: have you set <BR />"sysctl net.ipv4.ip_forward" to 1? It is the master switch for all IP routing.<BR /><BR />What's in your routing table?<BR />Linux_Router's default gateway should be pointing towards the Cisco_Router or there should be a specific route on Linux_router to the subnet_3 through the Cisco_Router. Otherwise the rp_filter might drop the packets.<BR /><BR />To test, set "sysctl net.ipv4.conf.all.rp_filter=0".<BR /><BR />If you don't have the "sysctl" command, you can use "echo 1 &gt;/proc/sys/net/ipv4/ip_forward" and "echo 0 &gt; /proc/sys/net/ipv4/conf/all/rp_filter".<BR /> Mon, 23 Jan 2006 09:45:51 GMT https://community.hpe.com/t5/operating-system-linux/iptables-dnat/m-p/4954154#M46655 Matti_Kurkela 2006-01-23T09:45:51Z https://community.hpe.com/t5/operating-system-linux/iptables-dnat/m-p/4954155#M46656 Matti,<BR /><BR />IP forwarding is already enabled (I can forward packet from subnet_2 to subnet_1). It was not an issue.<BR /><BR />I have added a new route to Linux router describing the way how to reach Test2 via cisco router:<BR /># route add -net subnet_3 gw Cisco_router<BR /><BR />and now DNAT works Ok.<BR /><BR />Thanks a lot. Mon, 23 Jan 2006 10:03:21 GMT https://community.hpe.com/t5/operating-system-linux/iptables-dnat/m-p/4954155#M46656 Sergejs Svitnevs 2006-01-23T10:03:21Z https://community.hpe.com/t5/operating-system-linux/iptables-dnat/m-p/4954156#M46657 . Mon, 23 Jan 2006 10:05:18 GMT https://community.hpe.com/t5/operating-system-linux/iptables-dnat/m-p/4954156#M46657 Sergejs Svitnevs 2006-01-23T10:05:18Z