LinuxQuestions.org


luivm 05-19-2003 07:44 AM

Iptables - Port Forwarding
 
Hi,

I have a Smoothwall firewall for my LAN with three interfaces: red, orange and green.

In the red zone I have two public addresses: 212.x.x.x and 212.y.y.y .

In the orange zone I have two web servers 10.0.z.z .

Now, with standard port forwarding (web configuration) I can forward data to one of my web servers, because iptables looks at the source address to make the forwarding decision.

I want iptables to look at the destination address to make the forwarding decision.

Please help me :)

bentz 05-19-2003 08:24 AM

I don't think I clearly understand your question. If you are currently mangling (changing, NATing, etc.) your source address, you are probably performing SNAT in the POSTROUTING chain using iptables. This will allow your 'orange' interface to be able to access the internet, similar to IP Masquerading. This lets your multiple internal web servers hide behind the single IP of your firewall.

You say that you want iptables to route based on the destination address, which would be DNAT in the PREROUTING chain. This is similar to load balancing your multiple internal web servers behind a single external IP.

If this isn't what you're going for at all, please clarify your question.

Also, if you have two public IPs and wish to utilize the bandwidth for both, you will need BGP. The only way to utilize more than one gateway to the internet is by using BGP. Not sure if this is what you've got planned or not.

Robert0380 05-19-2003 01:47 PM

Just to add, BGP = Border Gateway Protocol, it's a routing protocol. Bentz, if that's not what you mean, correct me if I'm wrong please. In particular it would be EBGP (E for external).

As far as iptables goes, if you want load balancing, I think it does some weak load balancing using round-robin:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1-192.168.1.2

Check me on this, but I think what happens is, if you get 2 requests for port 80, 1 will go to .1.1 and the other will go to .1.2.

Double check me though on how it works and the syntax, I've never used it.

bentz 05-19-2003 02:30 PM

Nope, that's all correct. The --to-dest is just --to, though.

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.1.1 --to 192.168.1.2

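Putting the thread's answer together as an added example (not code from any poster): DNAT in PREROUTING matched on `-d`, so each of the two public addresses on the red interface maps to its own orange-zone web server, plus the round-robin range form discussed above. The interface name and all addresses are constructed placeholders standing in for the 212.x.x.x / 10.0.z.z values in the question.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and interface are placeholders.
RED_IF=eth0
PUBLIC_A=203.0.113.10      # stands in for 212.x.x.x
PUBLIC_B=203.0.113.11      # stands in for 212.y.y.y
WEB_A=10.0.1.10            # first orange-zone web server (10.0.z.z)
WEB_B=10.0.1.11            # second orange-zone web server

# Rule mapping one public address to one internal server. The decision is
# made on -d (the address the client connected to), not on the source, and
# -i restricts it to packets arriving on the red interface so LAN traffic
# is never rewritten by accident.
dnat_rule() {
    echo "iptables -t nat -A PREROUTING -i $RED_IF -d $1 -p tcp --dport 80 -j DNAT --to-destination $2:80"
}

# After DNAT the packet's destination is the internal host, so the filter
# table must allow red -> orange only to that host and only on port 80.
forward_rule() {
    echo "iptables -A FORWARD -i $RED_IF -d $1 -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# Round-robin variant from the thread: one public IP spread across a range
# of backends. Note iptables does no health checking; a dead backend still
# receives its share of connections.
roundrobin_rule() {
    echo "iptables -t nat -A PREROUTING -i $RED_IF -d $1 -p tcp --dport 80 -j DNAT --to-destination $2-$3"
}

# The full destination-based ruleset for the two public addresses.
ruleset() {
    dnat_rule "$PUBLIC_A" "$WEB_A"
    forward_rule "$WEB_A"
    dnat_rule "$PUBLIC_B" "$WEB_B"
    forward_rule "$WEB_B"
}

# "apply" executes the rules (needs root and iptables); otherwise print them for review.
if [ "$1" = apply ]; then
    ruleset | while read -r cmd; do sh -c "$cmd"; done
else
    ruleset
fi
```

Review the printed rules first; the FORWARD rules assume the chain's default policy is DROP, as on a Smoothwall-style firewall.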
