How to have 2 public IPs on the external NIC and route one of them to a host on your local network.
1-to-1 NAT howto
Author : Frederik Bay
Originally Developed by: Abe Loveless (abe AT lovelesscentral.org)
Heavily Contributed to by: Chris Watkins
Revised for SME 5.6 and 6.0 iptables by: Chris Watkins and Mark Drone
Thanks to briank for pointing me in the right direction and stuntshell for asking a good question
Tested on SME Version 6.01 GPL
Updated : 04 April 2005
License : unknown
Howto description
You want to forward all traffic arriving on a specific external IP to an internal IP.
1) Use this link
http://tech-geeks.org/contrib/mdrone/1-to-1/
2) Log in to the server using PuTTY
3) In root's home directory run
mkdir nat
cd nat
4) Download the contrib
wget http://tech-geeks.org/contrib/mdrone/1-to-1/1-to-1-iptables.tar.gz
Follow the readme in the contrib until you get to step 3c.
3d. pico /opt/1_to_1/makefrag.pl
after line 43 -
print BEGIN (" /sbin/iptables -t nat --append CustomNATout -s $data1 -j SNAT --to $data0 \n");
insert this line
print BEGIN ("\n /sbin/iptables -A FORWARD -j ACCEPT\n");
- then CTRL-X and save on exit
continue following the readme and you are all set.
If you want to restrict access to a specific port or ports
use pico (or any editor you like) to edit /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/34CustomNAT
- paste the following after /sbin/iptables --table nat --append POSTROUTING -p all -j CustomNATout
# Apply specific rules for incoming packets to be NATted
# Webservices port 80
/sbin/iptables -t nat --append CustomNATin -d eee.eee.eee.eee -p tcp --dport 80 -j DNAT --to iii.iii.iii.iii:80
where eee.eee.eee.eee is the external IP and iii.iii.iii.iii is the internal IP.
You can then paste this line as many times as you need; just remember to change the port number to the port you want to forward.
Example:
# Webservices port 80
/sbin/iptables -t nat --append CustomNATin -d eee.eee.eee.eee -p tcp --dport 80 -j DNAT --to iii.iii.iii.iii:80
# Netop Remotecontrol port 6502
/sbin/iptables -t nat --append CustomNATin -d eee.eee.eee.eee -p udp --dport 6502 -j DNAT --to iii.iii.iii.iii:6502
# FTP Service port 21
/sbin/iptables -t nat --append CustomNATin -d eee.eee.eee.eee -p tcp --dport 21 -j DNAT --to iii.iii.iii.iii:21
# SSH Service port 22
/sbin/iptables -t nat --append CustomNATin -d eee.eee.eee.eee -p tcp --dport 22 -j DNAT --to iii.iii.iii.iii:22
# MySQL port 3306
/sbin/iptables -t nat --append CustomNATin -d eee.eee.eee.eee -p tcp --dport 3306 -j DNAT --to iii.iii.iii.iii:3306
- when done save and exit
- Expand the template
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
- and restart masq
/etc/rc.d/init.d/masq restart
Now if you want to restrict access to a specified port, such as MySQL, to certain outside IPs only,
find the entry for MySQL and add a source match (-s) to it:
/sbin/iptables -t nat --append CustomNATin -s xxx.xxx.xxx.xxx -d eee.eee.eee.eee -p tcp --dport 3306 -j DNAT --to iii.iii.iii.iii:3306
Change the xxx's to the IP that should be allowed to connect to your internal server.
The eee's are the external IP that you want your server to respond on.
The iii's are the local IP of the server.
Repeat the line for each IP that you want to be able to connect to the server.
- save and exit
- Expand the template
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
- and restart masq
/etc/rc.d/init.d/masq restart
or simply reboot
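The port-forward block and the source-restricted MySQL rule above are the same rule shape with different parameters, so they are easy to get wrong when pasted by hand. The script below is an added example, not part of this howto or of the 1-to-1 contrib: it prints the CustomNATin lines for a list of services (proto:port, or proto:port:src to allow one client only) so you can check them before pasting into 34CustomNAT. It never calls iptables itself; the address values are constructed placeholders, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the howto or the 1-to-1 contrib): emit the
# CustomNATin DNAT rules described above for an external/internal IP
# pair, optionally restricted to one permitted source address.
# Nothing here calls iptables; it only prints rule lines for you to
# review and paste into 34CustomNAT, so it runs as a plain user.

# Constructed sample addresses, using the howto's placeholder notation.
EXT_IP="eee.eee.eee.eee"   # external IP the server answers on
INT_IP="iii.iii.iii.iii"   # internal host receiving the traffic

# gen_dnat_rule EXT INT PROTO PORT [SRC]
# Prints one DNAT rule. With SRC set, the rule only matches packets from
# that source, which is how the howto limits MySQL to chosen clients.
gen_dnat_rule() {
    ext="$1"; int="$2"; proto="$3"; port="$4"; src="$5"
    case "$proto" in
        tcp|udp) ;;
        *) echo "gen_dnat_rule: protocol must be tcp or udp, got '$proto'" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "gen_dnat_rule: port must be numeric, got '$port'" >&2; return 1 ;;
    esac
    srcmatch=""
    [ -n "$src" ] && srcmatch="-s $src "
    printf '/sbin/iptables -t nat --append CustomNATin %s-d %s -p %s --dport %s -j DNAT --to %s:%s\n' \
        "$srcmatch" "$ext" "$proto" "$port" "$int" "$port"
}

# gen_service_block EXT INT "proto:port[:src] ..."
# Prints a commented rule per service spec. A spec is proto:port for an
# open forward, or proto:port:src to allow a single client address.
gen_service_block() {
    ext="$1"; int="$2"; specs="$3"
    for spec in $specs; do
        proto=${spec%%:*}
        rest=${spec#*:}
        port=${rest%%:*}
        src=""
        case "$rest" in *:*) src=${rest#*:} ;; esac
        if [ -n "$src" ]; then
            echo "# $proto/$port from $src only"
        else
            echo "# $proto/$port"
        fi
        gen_dnat_rule "$ext" "$int" "$proto" "$port" "$src" || return 1
    done
}

# Run stand-alone: print the rule set for the howto's example services,
# with MySQL limited to one constructed client address.
gen_service_block "$EXT_IP" "$INT_IP" \
    "tcp:80 udp:6502 tcp:21 tcp:22 tcp:3306:203.0.113.10"
```

After expanding the template and restarting masq, confirm the rules actually loaded with `/sbin/iptables -t nat -L CustomNATin -n -v`; the packet counters on each line show whether traffic is hitting the rule you expect.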