OK, so here is the scenario:
I have a CentOS 6.5 (server1) acting as a router, which forwards/NATs all of my traffic onto another server (server2).
I have some devices that are sat on the internet on modems with dynamic IPs.
I am forwarding all traffic from these devices coming in and this is working perfectly.
One thing I do know is their ports, so I am using the following rules to forward/NAT this traffic to another server.
Where '555' & '666' are the known ports for my devices.
'123' = NTP port
2.2.2.2 = server2
[root@ip-1.1.1.1 sysconfig]# service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:555 to:2.2.2.2:555
2 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:666 to:2.2.2.2:666
3 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123 to:2.2.2.2:123
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
The problem I have is that I cannot pick up any NTP time source from either the internet or from server 2 when these rules are in place.
You'll note that I'm trying to send port 123 UDP to my server2 as well, as it is running NTP.
The masquerade seems to be stopping it working, but I've no idea how to filter (the masquerade) to ignore NTP traffic (UDP 123)?
If I turn off iptables temporarily, it syncs NTP fine from either the internet or server 2.
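As an added example (not part of the original post), this Python sketch parses the `service iptables status` listing shown above and lists the nat rules that match every source and destination address. The function names are hypothetical and the sample is the posted output re-embedded; the listing as posted has no in/out interface columns, so a rule restricted by interface would look the same here (`iptables -t nat -L -n -v` shows those columns).

```python
import re

# Constructed sample: the nat table exactly as posted above.
SAMPLE = """\
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:555 to:2.2.2.2:555
2 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:666 to:2.2.2.2:666
3 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123 to:2.2.2.2:123
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
"""

# num, target, prot, opt, source, destination, then any match/target details
RULE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
ANY = "0.0.0.0/0"

def parse_status(text):
    """Yield one dict per rule, tagged with the table and chain it sits in."""
    table = chain = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Table:"):
            table = line.split(":", 1)[1].strip()
        elif line.startswith("Chain "):
            chain = line.split()[1]
        else:
            m = RULE.match(line)  # header lines do not start with a digit
            if m:
                num, target, prot, _opt, src, dst, extra = m.groups()
                yield dict(table=table, chain=chain, num=int(num), target=target,
                           prot=prot, src=src, dst=dst, extra=extra.strip())

def unrestricted_nat(text):
    """Return nat rules whose source and destination are both 0.0.0.0/0."""
    hits = []
    for r in parse_status(text):
        if r["table"] == "nat" and r["src"] == ANY and r["dst"] == ANY:
            port = re.search(r"dpt:(\d+)", r["extra"])
            scope = f'{r["prot"]}/{port.group(1)}' if port else f'{r["prot"]}/any'
            hits.append((r["chain"], r["num"], r["target"], scope))
    return hits

if __name__ == "__main__":
    for chain, num, target, scope in unrestricted_nat(SAMPLE):
        print(f"{chain} rule {num}: {target} matches {scope} from/to any address")
```

On the posted rules, every nat entry is reported, including the MASQUERADE rule, which carries no protocol, port or address match at all.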
IPTables & Masquerading