iptables and foreign interface. Please help me.

My environment:

Server1(|Switch|----(eth0= , REAL IP ADDRESS )

How it is configured:
Server3 - Linux (OpenSUSE)
The iptables rules are:

Allow all from the local LAN to the public Internet

iptables -A FORWARD -i eth0 -j ACCEPT

Masquerade all outgoing packets

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to A.B.C.D

PAT from the Internet to the local LAN (Server1)

iptables -t nat -A PREROUTING -i eth1 -d A.B.C.D -p tcp --dport 443 -j DNAT --to-destination
iptables -A FORWARD -i eth1 -p tcp --dport 443 -d -j ACCEPT

How it works:

  1. From the Internet:
    telnet A.B.C.D 443
    This is OK. (On the local Server1 I see an incoming tcp:443 connection.)
  2. From Server2:
    telnet 443
    This is OK. (On the local Server1 I see an incoming tcp:443 connection.)

From Server2:
telnet A.B.C.D 443
The connection does not come up …

It is necessary for me that the packet passed so:

Please, help me.


This occurs because of a desync between IP source and destination.
You must set up 2 routing tables with iproute2. Each table must have a default route, and you choose the table in a policy. It is named policy based routing.

But you make telnet with a domain name (not an IP). And the domain name will be different for you and from global.

policy based routing

Of course. It does not know that it has to forward packets from your local network back to your local network.
It is called loopback NAT. See http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-10.html
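As an added example (not part of the original thread), the rule set below implements the loopback (hairpin) NAT that the last reply points to for the setup in the question: a LAN host (Server2) connecting to the public address A.B.C.D:443 gets DNATed to Server1 like an Internet client does, and the source is additionally rewritten to the router's LAN address so that Server1's replies go back through the router, get un-DNATed, and arrive at Server2 with the source address it expects. Without that second rewrite Server1 answers Server2 directly from its private address and Server2 resets the half-open connection, which is the failure described in the question. The interface names and A.B.C.D come from the thread; the LAN subnet, Server1's private address and the router's LAN address are assumed placeholders because the post elided them, and `DRY_RUN=1` (the default here) only prints the rules so you can review them before applying.

```shell
#!/bin/sh
# Added example: hairpin (loopback) NAT for the setup in this thread.
# eth0 = LAN side, eth1 = Internet side, A.B.C.D = public address (from the post).
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
PUBLIC_IP="${PUBLIC_IP:-A.B.C.D}"               # placeholder, as in the post
LAN_NET="${LAN_NET:-192.168.0.0/24}"            # assumed LAN subnet
SERVER1="${SERVER1:-192.168.0.10}"              # assumed private address of Server1
ROUTER_LAN_IP="${ROUTER_LAN_IP:-192.168.0.1}"   # assumed eth0 address of Server3
DRY_RUN="${DRY_RUN:-1}"                         # 1 = print rules, 0 = apply them

# Print the rule when DRY_RUN=1, otherwise hand it to iptables.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

hairpin_nat_rules() {
    # 1. DNAT without an ingress-interface match, so a connection to the
    #    public address is redirected to Server1 whether it arrives on eth1
    #    (Internet) or on eth0 (LAN). The original rule only matched -i eth1.
    ipt -t nat -A PREROUTING -d "$PUBLIC_IP" -p tcp --dport 443 \
        -j DNAT --to-destination "$SERVER1"

    # 2. For LAN-origin connections that were just DNATed to Server1, rewrite
    #    the source to the router's LAN address. Server1 then replies to the
    #    router, which reverses both translations before forwarding the reply
    #    to the LAN client. This is the hairpin.
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -d "$SERVER1" -o "$LAN_IF" \
        -p tcp --dport 443 -j SNAT --to-source "$ROUTER_LAN_IP"

    # 3. Let the hairpinned traffic through FORWARD (it enters and leaves on eth0).
    ipt -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -d "$SERVER1" \
        -p tcp --dport 443 -j ACCEPT

    # 4. Replies for connections already tracked by conntrack.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

hairpin_nat_rules
```

Run it with `DRY_RUN=0` as root to apply the rules, then have a LAN host connect to A.B.C.D:443 and watch the packet counters with `iptables -t nat -L POSTROUTING -n -v`: the SNAT rule's counter increments only for hairpinned connections, which is the quickest way to confirm that the LAN-to-public-address path is actually taking this route rather than failing as before. Because the SNAT hides the client's real address from Server1, its logs will show connections from the router's LAN address for those sessions; keep that in mind when reading Server1's access logs.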