LinuxQuestions.org
Old 07-19-2005, 10:44 PM   #1
whohasit
Member
 
Registered: Nov 2003
Location: Seattle
Distribution: Fedora Core 1
Posts: 34

Rep: Reputation: 15
Private/Local Network


Using NAT, DNS and a single public IP address on the gateway, what is the simplest way to have multiple machines on the same private network accepting requests to the same port? (e.g. running multiple web servers, all answering port 80, each accessible from the public address).

4 machine example:

banana.example.com (gateway - public address)

http://apple.example.com (private address)
http://orange.example.com (private address)
http://grape.example.com (private address)

Thanks in advance.
 
Old 07-19-2005, 10:53 PM   #2
dugas
Member
 
Registered: Jul 2004
Location: louisiana
Distribution: fedora 4/kubuntu
Posts: 116

Rep: Reputation: 15
private network

All the machines on the private network should only answer when their specific hostname is called. You need to add the hostnames and their respective ip addresses into the hosts file located in the /etc directory.
 
Old 07-19-2005, 11:08 PM   #3
whohasit
Member
 
Registered: Nov 2003
Location: Seattle
Distribution: Fedora Core 1
Posts: 34

Original Poster
Rep: Reputation: 15
We have names running on the gateway but I'm assuming that since all the addresses are private, we must use port forwarding on a port-by-port basis.

Are you suggesting using the hosts file instead, without port forwarding? Can you provide any more details?
 
Old 07-20-2005, 12:36 AM   #4
mhallbiai
Member
 
Registered: Jun 2005
Posts: 96

Rep: Reputation: 16
dugas, i think what whohasit is wanting is:
if an external client attempts to connect to {apple,orange,grape}.example.com they will all three hit port 80 on the router/firewall/gateway, based on the destination (apple,orange,grape) the rtr/fw/gw will forward the request on to the correct (internal) system

whohasit,
i believe you can do this if dns resolves correctly so that banana knows what internal ip to use for apple/orange/grape using iptables. i do not have a setup that i can test so it will just need to be attempted. i believe it would look something like this...

assumed: eth0 = Public; eth1 = Private

Code:
iptables -t nat -A PREROUTING -s 0/0 -d apple.example.com -i eth0 -p tcp --dport 80 -j DNAT --to apple.example.com:80
iptables -t nat -A PREROUTING -s 0/0 -d orange.example.com -i eth0 -p tcp --dport 80 -j DNAT --to orange.example.com:80
iptables -t nat -A PREROUTING -s 0/0 -d grape.example.com -i eth0 -p tcp --dport 80 -j DNAT --to grape.example.com:80
iptables -A FORWARD -s 0/0 -d apple.example.com -p tcp --dport 80 -m state --state NEW -i eth0 -o eth0 -j ACCEPT
iptables -A FORWARD -s 0/0 -d orange.example.com -p tcp --dport 80 -m state --state NEW -i eth0 -o eth0 -j ACCEPT
iptables -A FORWARD -s 0/0 -d grape.example.com -p tcp --dport 80 -m state --state NEW -i eth0 -o eth0 -j ACCEPT
you will need to place the nat prerouting and forward before any exclusive DROPs you have in your firewall/iptables rules now for those chains

hope this helps

Last edited by mhallbiai; 07-20-2005 at 12:38 AM.
 
Old 07-20-2005, 08:14 AM   #5
mhallbiai
Member
 
Registered: Jun 2005
Posts: 96

Rep: Reputation: 16
the more i think about this the more skeptical i become about it actually working...
 
Old 07-20-2005, 01:18 PM   #6
whohasit
Member
 
Registered: Nov 2003
Location: Seattle
Distribution: Fedora Core 1
Posts: 34

Original Poster
Rep: Reputation: 15
mhallbiai,

Thank you -- You are exactly correct regarding what we're trying to do.

However these rules (incl. apple) continue to fail:

Where might I be wrong? (order?)

Code:
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
iptables -t nat -A PREROUTING -s 0/0 -d apple.example.com -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.230:80

Thanks again,
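
Added example (not part of any post above): a Python sketch of why the DNAT rules in posts #4 and #6 cannot tell apple, orange and grape apart, and of the Host-header lookup a reverse proxy on the gateway would use instead. The public address and the orange/grape private addresses are constructed; 192.168.0.230 is the address from post #6.

```python
# Added illustration, not code from the thread.
PUBLIC_IP = "203.0.113.10"  # constructed: banana's single public address
BACKENDS = {                # hostname -> private web server
    "apple.example.com": "192.168.0.230",   # address used in post #6
    "orange.example.com": "192.168.0.231",  # constructed
    "grape.example.com": "192.168.0.232",   # constructed
}


def build_dnat_rules():
    """iptables resolves '-d name' once, when the rule is inserted.
    From outside, every name resolves to PUBLIC_IP, so the match part
    of all three PREROUTING rules is identical."""
    return [((PUBLIC_IP, 80), backend) for backend in BACKENDS.values()]


def dnat(rules, dst_ip, dst_port):
    """First matching rule wins; only IP address and port are visible."""
    for match, backend in rules:
        if match == (dst_ip, dst_port):
            return backend
    return None


def route_by_host(raw_request: bytes):
    """What a reverse proxy on the gateway does: read the HTTP Host
    header and pick the backend. A missing or unknown host returns None
    so the request is refused rather than sent to a default server."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower().split(":")[0].rstrip(".")
            return BACKENDS.get(host)
    return None


def request(host):
    """Build a minimal constructed HTTP/1.1 request for the given host."""
    return f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()


if __name__ == "__main__":
    rules = build_dnat_rules()
    for name in BACKENDS:
        print(name, "DNAT ->", dnat(rules, PUBLIC_IP, 80),
              "| Host ->", route_by_host(request(name)))
```

With DNAT every request lands on the first rule's backend, because the hostname never appears in the IP or TCP headers; only something that parses the HTTP request on the gateway can route by name.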
 
  

