Comments on: Monitor your dynamic IP & update IPtables when it changes http://www.axmx.net/2008/monitor-your-dynamic-ip-update-iptables-when-it-changes/ Just another online mini-empire Tue, 31 Aug 2010 02:45:57 +0100 hourly 1 http://wordpress.org/?v=3.0.1 By: Mr. Blue http://www.axmx.net/2008/monitor-your-dynamic-ip-update-iptables-when-it-changes/comment-page-1/#comment-574 Mr. Blue Tue, 31 Aug 2010 02:45:57 +0000 http://www.axmx.net/?p=83#comment-574 Hey! thanks for the comment!! So in this "then" section, what you would do is flush all your rules first, then apply your same rules, modified with the 'new' IP address, like so: <code>if [ "$CURIP" != "$LASTIP" ] then #add your iptables rule here to remove the old rules with the external dynamic ip in it, and insert the new IP using the $CURIP variable. <strong>$IPT -F</strong> <em>(or whatever your preferred method is for flushing iptables)</em> $IPT -A PREROUTING -t nat -d <strong>$CURIP</strong> -p tcp –dport 8080 -j DNAT –to 192.168.0.201:8080 $IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -p tcp –dport 8080 -d 192.168.0.201 -j MASQUERADE $IPT -A PREROUTING -t nat -d <strong>$CURIP</strong> -p tcp –dport 2020 -j DNAT –to 192.168.0.201:2020 $IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -p tcp –dport 2020 -d 192.168.0.201 -j MASQUERADE</code> Provided your iptables rules are correct as you want them, this <strong><em>*should*</em></strong> work. However bear in mind it's been about 3 years since I originally wrote this post :) Hey! thanks for the comment!!
So in this “then” section, what you would do is flush all your rules first, then apply your same rules, modified with the ‘new’ IP address, like so:
if [ "$CURIP" != "$LASTIP" ]
then
#add your iptables rule here to remove the old rules with the external dynamic ip in it, and insert the new IP using the $CURIP variable.
$IPT -F (or whatever your preferred method is for flushing iptables)
$IPT -A PREROUTING -t nat -d $CURIP -p tcp –dport 8080 -j DNAT –to 192.168.0.201:8080
$IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -p tcp –dport 8080 -d 192.168.0.201 -j MASQUERADE
$IPT -A PREROUTING -t nat -d $CURIP -p tcp –dport 2020 -j DNAT –to 192.168.0.201:2020
$IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -p tcp –dport 2020 -d 192.168.0.201 -j MASQUERADE

Provided your iptables rules are correct as you want them, this *should* work. However bear in mind it’s been about 3 years since I originally wrote this post :)

]]> By: Dana Schuett http://www.axmx.net/2008/monitor-your-dynamic-ip-update-iptables-when-it-changes/comment-page-1/#comment-573 Dana Schuett Tue, 31 Aug 2010 02:22:54 +0000 http://www.axmx.net/?p=83#comment-573 Hi, your iptables $CURIP update is exactly what I'm looking for! I understand you entire script until it gets to the part on updated the iptable rules? Could you explain in more detail how this would work? I am just unclear how you actually get it into my iptables script. WHAT I'M UNSURE OF: # update the iptables rules if the current IP is different from the last ip in /tmp/lastip if [ "$CURIP" != "$LASTIP" ] then #add your iptables rule here to remove the old rules with the external dynamic ip in it, and insert the new IP #using the $CURIP variable. HERE IS WHERE I NEED THIS INJECTED INTO MY IPTABLES SCRIPT: $IPT -A PREROUTING -t nat -d my.isp.ip.addr -p tcp --dport 8080 -j DNAT --to 192.168.0.201:8080 $IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -p tcp --dport 8080 -d 192.168.0.201 -j MASQUERADE $IPT -A PREROUTING -t nat -d my.isp.ip.addr -p tcp --dport 2020 -j DNAT --to 192.168.0.201:2020 $IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -p tcp --dport 2020 -d 192.168.0.201 -j MASQUERADE Thanks for your time, Dana Hi, your iptables $CURIP update is exactly what I’m looking for! I understand you entire script until it gets to the part on updated the iptable rules? Could you explain in more detail how this would work? I am just unclear how you actually get it into my iptables script.

WHAT I’M UNSURE OF:
# update the iptables rules if the current IP is different from the last ip in /tmp/lastip
if [ "$CURIP" != "$LASTIP" ]
then
#add your iptables rule here to remove the old rules with the external dynamic ip in it, and insert the new IP
#using the $CURIP variable.

HERE IS WHERE I NEED THIS INJECTED INTO MY IPTABLES SCRIPT:

$IPT -A PREROUTING -t nat -d my.isp.ip.addr -p tcp –dport 8080 -j DNAT –to 192.168.0.201:8080
$IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -p tcp –dport 8080 -d 192.168.0.201 -j MASQUERADE
$IPT -A PREROUTING -t nat -d my.isp.ip.addr -p tcp –dport 2020 -j DNAT –to 192.168.0.201:2020
$IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -p tcp –dport 2020 -d 192.168.0.201 -j MASQUERADE

Thanks for your time,

Dana

]]>