hardware:gatewaynetflow
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revisionNext revisionBoth sides next revision | ||
hardware:gatewaynetflow [2019/01/03 17:36] – created veera | hardware:gatewaynetflow [2019/01/03 18:31] – [Then setup the Port NAT] veera | ||
---|---|---|---|
Line 3: | Line 3: | ||
In some customers, Trisul is on a separate segment from the production routers. These sites often have a gateway device that be be used to access. | In some customers, Trisul is on a separate segment from the production routers. These sites often have a gateway device that be be used to access. | ||
- | {{: | + | {{: |
This HOWTO explains how to use Linux IPTABLES NAT to move between the two. | This HOWTO explains how to use Linux IPTABLES NAT to move between the two. | ||
Line 11: | Line 11: | ||
On the gateway device you just need to run the following commands, say you want to move port 2055 to a particular IP. | On the gateway device you just need to run the following commands, say you want to move port 2055 to a particular IP. | ||
- | Shutdown ufw or disable firewalld | + | ==== Shutdown ufw or disable firewalld |
< | < | ||
Line 25: | Line 26: | ||
- | Then setup the Port NAT | + | ==== Then setup the Port NAT ==== |
+ | |||
+ | The following commands move port 2055 to the Trisul IP (see the diagram above) . | ||
< | < | ||
- | $ iptables -t nat -A PREROUTING -p udp --dport 2055 -j DNAT --to-destination 10.10.10.17: | + | $ iptables -t nat -A PREROUTING -p udp \ |
- | $ iptables -t nat -A POSTROUTING -j MASQUERADE | + | |
</ | </ | ||
You should now be seeing Netflow | You should now be seeing Netflow | ||
+ | |||
+ | |||
+ | <note important> | ||
+ | </ | ||
+ | ==== Useful commands ==== | ||
+ | |||
+ | To view NAT rules with counters | ||
+ | '' | ||
+ | iptables -t nat -vL | ||
+ | |||
+ | '' | ||
+ | ==== Reference ==== | ||
+ | |||
+ | How to redirect incoming traffic on a port to another IP https:// | ||
hardware/gatewaynetflow.txt · Last modified: 2019/01/07 11:45 by veera