LinuxQuestions.org


bppilot 09-11-2007 07:38 PM

How can you make one IP address translate internally to another IP address?
 
First off, thanks for any help anyone can provide. I'm definitely stuck on this one and can't seem to figure it out myself.

I've got a bit of a unique (at least I think so!) situation that I'm hoping someone can shed some light on. After suffering a massive failure during a hosting company move, I decided to take my online webserver destiny into my own hands. I've got two identical systems, both running Red Hat Enterprise Linux ES release 4 (Nahant Update 5) and Plesk 8.2.0 with all of my domains on them. The drive from the first system was DD'd to the second system, so they are identical in every way. One is at my new hosting company, and I have one in-house as a backup.

Here's my issue:

On my primary box, I've got it set to copy all of the files nightly and update them on my backup server. This all works great to keep my backup server up to date as an exact clone. The only problem lies in the IP address routing.

On my primary online box, I've got sites running on the following IP addresses (just for example, not the "true IP's"):
74.123.123.111
74.123.123.222

The network connection to my backup box actually has the IP's of:
192.168.123.245
192.168.123.246

These are virtual sites on the IP's. So, if I go to access my primary box at my hosting company, I can type in www.example.com and it translates to the right IP on the box and makes the connection.

If I go to access it on my in-house "backup" server, it doesn't work (I've added www.example.com 192.168.123.245 to my Windows hosts file for this test) - I do see the "default" page for the IP itself though. So, I am able to access the web server, but the address translation doesn't take place properly to get me to the right virtual site on the internal IP.

I know that I can go into the Plesk panel and change each and every site's IP address to the 192.168.123.245, but that's not a good solution since I've got hundreds of sites and each night the box is being overwritten again with the "fresh" data including the server company's IP addresses.

Is there any way that anyone knows of where I can do something, perhaps with the ROUTE command or another system I can automate with a Perl script, to make it so that on the backup system, anyone that goes to www.example.com (or whatever domain) on 192.168.123.245, it will translate and forward it to what the in-house box thinks is 74.123.123.111?

Hopefully this makes sense what I'm looking to do. Again, I'm not sure if I can do this with the ROUTE command, or the IP TABLES, or even if it's possible. Any suggestions will be greatly appreciated!

Here's my current ROUTE table (192.168.123.254 is the gateway that this backup box is plugged into):

192.168.123.0 * 255.255.255.0 U 0 0 0 eth0
192.168.123.0 * 255.255.255.0 U 0 0 0 eth1
10.100.0.0 * 255.255.0.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default 192.168.123.254 0.0.0.0 UG 0 0 0 eth0

theNbomr 09-12-2007 08:54 AM

If I understand your question correctly, you've got absolute URLs embedded in your primary site documents, and these URLs point specifically at the primary site. If this is correct, it would seem that the optimal solution would be to translate those URLs to relative URLs. This will relieve you of the pain of any future migration from one IP to another.
--- rod.

theNbomr 09-12-2007 09:35 AM

Okay, your question intrigued me enough to do a little research, since it somewhat matches a requirement of my own. It seems to me that if the local clients route everything through a configurable router such as an iptables-based Linux host, then you should be able to DNAT the request packets that would be sent to the primary web server. The destination address would be translated to the local backup server, which would reply to the local client. The reply packets would need to be SNAT'ed, so they would appear to have originated at the primary server, and be properly handled upon receipt by the client.

Without being able to actually test it, I think you would want some iptables rules something like:
Code:

iptables -t nat -A PREROUTING -d 74.123.123.111:80 -j DNAT --to-destination 192.168.123.245:80
iptables -t nat -A POSTROUTING -s 192.168.123.245 -j SNAT --to-source 74.123.123.111

This should make ALL HTTP traffic destined for the primary server redirect to the local backup.
Hopefully someone else skilled in the use of iptables can fill in any missing details or errors.

--- rod.

bppilot 09-12-2007 11:08 PM

Thanks for the suggestion on this one. I've tried the above solution, but am seeing the error:

iptables v1.2.11: Need TCP or UDP with port specification

I'll do a little research on this end and see if I can find out what might be missing in the line. Feeling like I'm much closer to a solution though! Thanks :)

theNbomr 09-13-2007 12:08 AM

Since I specified port 80, you need to add to each iptables command:
Code:

-p tcp
because HTTP uses TCP.

--- rod.
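
The DNAT approach from this thread, generalized to both address pairs, as an added example that is not code from either poster. It only prints the iptables commands (a dry run); the function names, the mapping-list format and the pairing of 74.123.123.222 with 192.168.123.246 are assumptions.

```shell
#!/bin/sh
# Added example: prints (dry run) one DNAT rule per address pair; it never
# calls iptables itself. Pairing .222 with .246 is an assumption.
MAPPINGS='74.123.123.111 192.168.123.245
74.123.123.222 192.168.123.246'

# Succeeds only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reads "public_ip backup_ip" lines on stdin; $1 is the TCP port (default 80).
gen_rules() {
    port=${1:-80}
    while read -r public backup rest; do
        case "$public" in ''|'#'*) continue ;; esac
        if ! is_ipv4 "$public" || ! is_ipv4 "$backup"; then
            echo "skipping invalid mapping: $public $backup" >&2
            continue
        fi
        # -d takes an address only; the port goes in --dport, and both
        # --dport and a port in --to-destination require -p tcp.
        # Replies are translated back by connection tracking, so no
        # separate rule is printed for them.
        echo "iptables -t nat -A PREROUTING -p tcp -d $public --dport $port" \
             "-j DNAT --to-destination $backup:$port"
    done
    return 0
}

printf '%s\n' "$MAPPINGS" | gen_rules 80
```

The DNAT only applies to clients whose traffic actually passes through the host holding these rules, and replies must return the same way for connection tracking to rewrite them.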

