Using #iptables to forward a whole IP address to another (server)

iptables -A PREROUTING -t nat -d $src -j DNAT --to $dst
iptables -A POSTROUTING -t nat -d $dst -j MASQUERADE

Connections from anywhere to $src are forwarded to $dst, but the MASQUERADE rule rewrites their source address to that of the interface the packet leaves on (eth0, or whatever the default route uses), so $dst never sees the real client address. Useful when moving servers; it keeps the old address alive for a bit. Two things the box doing the NAT needs: IP forwarding turned on (sysctl net.ipv4.ip_forward=1) and a FORWARD chain that does not drop the traffic. Without the POSTROUTING rule, $dst would answer the client directly from an address the client never talked to, and the client would discard the reply.

For example, if the forwarded address is used by an SMTP server, all mail arriving through it will appear to come from the masquerading address, the one on eth0 (which may or may not be the same as $src). If that address is trusted by the SMTP server, in the sense that it is allowed to relay, then anyone on the Internet can relay through the SMTP server, because every connection now arrives from that trusted address. It still works in a pinch while DNS changes are propagating through the net, but only forward the ports you actually need and take the rules down as soon as the old address is no longer in use.

A somewhat more concrete example. Say you have the IP address 1.2.3.4 on this box; if you do

iptables -A PREROUTING -t nat -d 1.2.3.4 -j DNAT --to 8.8.8.8
iptables -A POSTROUTING -t nat -d 8.8.8.8 -j MASQUERADE

then traffic to 1.2.3.4 is forwarded to Google's Public DNS server, and other hosts can use 1.2.3.4 as if it were 8.8.8.8. The POSTROUTING rule must not carry "-s 1.2.3.4": after DNAT the forwarded packets still have the client's address as their source, so such a rule would never match them and 8.8.8.8 would reply to the client directly, from an address the client never sent to. Note also that packets generated on the NAT box itself go through the OUTPUT chain rather than PREROUTING, so the redirection is only visible from other hosts.
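The following script is an added example, not code from the original post. It generates the DNAT/MASQUERADE pair above, lets you scope it to a list of protocol/port entries (so only the services that lived on the old address are reachable through it, which is what keeps the open-relay problem from the SMTP paragraph contained), turns on forwarding, and shows the resulting state. The function names (nat_rules, apply_rules, show_state), the "proto/port" list format and the sub-command names are assumptions made for this example; conntrack(8) from conntrack-tools is optional.

```shell
#!/bin/sh
# Added example, not part of the original post. Generates and optionally applies
# the DNAT/MASQUERADE rule pair that forwards one IP address to another.
# Function names and the "proto/port" list format are assumptions of this example.

# Print the iptables commands that forward traffic arriving for $1 to $2.
# $3 is an optional space-separated list like "tcp/25 udp/53"; when given, only
# those protocol/port pairs are forwarded instead of every protocol and port.
nat_rules() {
    src=$1
    dst=$2
    ports=$3
    if [ -z "$ports" ]; then
        printf 'iptables -t nat -A PREROUTING -d %s -j DNAT --to-destination %s\n' "$src" "$dst"
    else
        for entry in $ports; do
            proto=${entry%/*}
            port=${entry#*/}
            printf 'iptables -t nat -A PREROUTING -p %s -d %s --dport %s -j DNAT --to-destination %s\n' \
                "$proto" "$src" "$port" "$dst"
        done
    fi
    # Rewrite the source to the address of the outgoing interface so replies
    # come back through this box. This is the step that hides the real client IP.
    printf 'iptables -t nat -A POSTROUTING -d %s -j MASQUERADE\n' "$dst"
}

# Enable forwarding and apply the generated rules. Needs root.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1
    nat_rules "$@" | while IFS= read -r cmd; do
        echo "+ $cmd"
        eval "$cmd"
    done
}

# Show the NAT rules and, if conntrack-tools is installed, the live translations
# for $1 so you can see which client is currently mapped to the masqueraded address.
show_state() {
    iptables -t nat -L PREROUTING -n -v --line-numbers
    iptables -t nat -L POSTROUTING -n -v --line-numbers
    if command -v conntrack >/dev/null 2>&1; then
        conntrack -L 2>/dev/null | grep -- "$1"
    fi
}

# Usage (assumed sub-command names):
#   ./forward.sh dry-run 1.2.3.4 8.8.8.8 "tcp/53 udp/53"   # print the rules only
#   ./forward.sh apply   1.2.3.4 8.8.8.8 "tcp/53 udp/53"   # enable forwarding and load them
#   ./forward.sh show    8.8.8.8                           # inspect rules and translations
case "${1:-}" in
    dry-run) shift; nat_rules "$@" ;;
    apply)   shift; apply_rules "$@" ;;
    show)    shift; show_state "$@" ;;
esac
```

If the NAT box has several addresses and $dst must see a fixed one (for instance the one it already trusts), replace the MASQUERADE target with "-j SNAT --to-source ADDRESS"; the rest of the rule is unchanged.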
