iptables NAT


Route all packets addressed to the new public IP to a specific local IP.

iptables -t nat -I [PREROUTING] -p all -d [PUBLIC_IP] -j DNAT --to-destination [LAN_IP]

Source-NAT the packets returning from the local IP so that they carry the public IP.

iptables -t nat -I [POSTROUTING] 1 -p all -s [LAN_IP] -j SNAT --to-source [PUBLIC_IP]

Translate anything else from the LAN to the "main" router IP.

iptables -t nat -I [POSTROUTING] -o br0 -s [LAN_SUBNET] -j SNAT --to-source [MAIN_IP]

In that last line, br0 may not always be correct; it's br0 on Tomato at least. You can telnet to the router and use the ifconfig command to see the correct value; it's the one with the router's internal IP associated with it.


-A PREROUTING -d -i eth1.1000 -j DNAT --to-destination
-A POSTROUTING -s -o eth1.1000 -j SNAT --to-source
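
To confirm the rules took effect, the saved ruleset can be checked for a complete DNAT/SNAT pair per public address. The script below is an added example, not part of the original page; the function names, the MISSING-SNAT label and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit `iptables-save -t nat`
# output for the one-to-one NAT pairs described above.
# For every whole-address DNAT rule, report whether a SNAT rule maps the same
# LAN host back to the same public address.
check_nat_pairs() {
    awk '
    # Value following option "opt" in the current rule, or "" if absent.
    function arg(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    # iptables-save prints single hosts as a.b.c.d/32; drop that suffix.
    function host(a) { sub(/\/32$/, "", a); return a }

    # DNAT with an ip:port target is a port forward, not one-to-one NAT.
    $1 == "-A" && arg("-j") == "DNAT" && arg("--to-destination") !~ /:/ {
        n++; pub[n] = host(arg("-d")); lan[n] = arg("--to-destination")
    }
    $1 == "-A" && arg("-j") == "SNAT" {
        snat[host(arg("-s")) ">" arg("--to-source")] = 1
    }
    END {
        for (k = 1; k <= n; k++) {
            key = lan[k] ">" pub[k]
            if (key in snat) print "OK", pub[k], lan[k]
            else { print "MISSING-SNAT", pub[k], lan[k]; bad = 1 }
        }
        exit bad + 0
    }'
}

# Constructed sample input (RFC 5737 / RFC 1918 addresses), not a real ruleset.
sample_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -d 203.0.113.10/32 -j DNAT --to-destination 192.168.1.50
-A PREROUTING -d 203.0.113.11/32 -j DNAT --to-destination 192.168.1.51
-A PREROUTING -d 203.0.113.1/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.60:80
-A POSTROUTING -s 192.168.1.50/32 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 192.168.1.0/24 -o br0 -j SNAT --to-source 192.168.1.1
COMMIT
EOF
}

# Print the report for the sample; exit status 1 means a pair is incomplete.
sample_rules | check_nat_pairs || true
```

On a router, pipe the real ruleset in instead of the sample: iptables-save -t nat | check_nat_pairs. A MISSING-SNAT line means the LAN host receives traffic on the public address but its own outbound connections leave with a different source address.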