NAT

iptables NAT

SNAT/DNAT

Route all packets addressed to the new public IP to a specific local IP.

iptables -t nat -I [PREROUTING] -p all -d [PUBLIC_IP] -j DNAT --to-destination [LAN_IP]

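Source-NAT packets from the local IP so that they leave with the public IP. This rule covers connections the local host initiates; replies on DNATed connections are translated back by connection tracking.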

iptables -t nat -I [POSTROUTING] 1 -p all -s [LAN_IP] -j SNAT --to-source [PUBLIC_IP]

Translate anything else from the LAN to the "main" router IP.

iptables -t nat -I [POSTROUTING] -o br0 -s [LAN_SUBNET] -j SNAT --to-source [MAIN_IP]

In that last line, br0 may not always be correct; it's br0 on Tomato at least. You can telnet to the router and use the ifconfig command to see the correct value; it's the one with the router's internal IP associated with it.

Example:

-A PREROUTING -d 66.111.111.30 -i eth1.1000 -j DNAT --to-destination 10.3.3.200
-A POSTROUTING -s 10.3.3.200 -o eth1.1000 -j SNAT --to-source 66.111.111.30
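
An added example, not part of the original page: a Python check that reads NAT rules in the iptables-save format of the example above and reports DNAT rules that have no matching SNAT rule, and DNAT rules that forward every port to the LAN host (leaving the filter table's FORWARD chain as the only limit on exposure). The function names and the 203.0.113.31 rule are assumptions made for illustration.

```python
import shlex

# First DNAT and the SNAT rule are the page's example; the 203.0.113.31 rule is constructed.
SAMPLE = """\
*nat
-A PREROUTING -d 66.111.111.30 -i eth1.1000 -j DNAT --to-destination 10.3.3.200
-A PREROUTING -d 203.0.113.31/32 -i eth1.1000 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.3.3.201:443
-A POSTROUTING -s 10.3.3.200 -o eth1.1000 -j SNAT --to-source 66.111.111.30
COMMIT
"""

def parse_rules(text):
    """Turn each '-A CHAIN ...' line into a dict of option -> value."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue                      # table headers, counters, COMMIT, comments
        tok = shlex.split(line)
        if len(tok) < 2:
            continue
        rule, i = {"chain": tok[1]}, 2
        while i < len(tok):
            has_value = i + 1 < len(tok) and not tok[i + 1].startswith("-")
            rule[tok[i]] = tok[i + 1] if has_value else ""
            i += 2 if has_value else 1
        rules.append(rule)
    return rules

def host(addr):
    """Strip a :port suffix and a /32 mask so addresses compare equal."""
    addr = addr.split(":")[0]
    return addr[:-3] if addr.endswith("/32") else addr

def audit(text):
    """Return (finding, public_ip, lan_ip) tuples for the DNAT rules in text."""
    rules = parse_rules(text)
    snat = {(host(r.get("-s", "")), host(r.get("--to-source", "")))
            for r in rules
            if r["chain"] == "POSTROUTING" and r.get("-j") == "SNAT"}
    findings = []
    for r in rules:
        if r["chain"] != "PREROUTING" or r.get("-j") != "DNAT":
            continue
        pub, lan = host(r.get("-d", "")), host(r.get("--to-destination", ""))
        if (lan, pub) not in snat:
            # Connections the LAN host starts will leave with another source address.
            findings.append(("no-matching-snat", pub, lan))
        if "--dport" not in r and "--dports" not in r:
            # Every port on the LAN host is reachable unless FORWARD filters it.
            findings.append(("forwards-all-ports", pub, lan))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

On a live router, pass the output of `iptables-save -t nat` to `audit()` instead of `SAMPLE`.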