LinuxQuestions.org
Linux - Networking: Rule to access application server (http://www.linuxquestions.org/questions/linux-networking-3/rule-to-access-application-server-828495/)

Gui 08-25-2010 07:45 PM

Rule to access application server
 
Hello,

I have 2 LANs in my network. They are:

LAN 1: 192.168.0.0
LAN 2: 192.168.1.0

Both LANs communicate with each other, and both have an application server. In LAN1, I can access the web server both internally and externally. In LAN2, it only works on the internal network.

The rule that I'm using is as follows:

iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 80 -j DNAT --to 192.168.1.254:80

This rule works for LAN1, but not for LAN2. Does anyone know what could be blocking access?

* Sorry for my bad English. :banghead:

unSpawn 08-28-2010 06:06 AM

If you just want to access the two devices via the same destination "my_ip" you could change the destination port like this:
Code:

iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 80 -j DNAT --to 192.168.0.254:80
iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 81 -j DNAT --to 192.168.1.254:80

because you cannot route to two devices on the same destination port. If you would like others to access the device based on certain criteria (one IP address only, routing using geo-location, whatever else) you need a form of load balancing. For HTTP-based methods see the Apache docs, Pound or HAProxy. Also it would be good to familiarize yourself with the iptables HOWTO (http://www.frozentux.net/documents/iptables-tutorial/) and with debugging iptables rule sets using "-j LOG" rules.
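The two-port DNAT idea above, written out as a complete rule set. This is an added example, not code from either poster: the public address 203.0.113.10, the WAN interface eth0, and the two backend addresses are assumed values, and by default the script only prints the iptables commands (IPT=echo) so it can be read and checked before running it as root with IPT=iptables. The point it adds to the post is that a nat/PREROUTING DNAT rule on its own does nothing useful if the filter/FORWARD chain drops the rewritten packets, so each forward needs a matching FORWARD ACCEPT, and a rate-limited "-j LOG" rule in front of it is the cheapest way to see whether the rewritten SYNs arrive at all.

```shell
#!/bin/sh
# Added example: one public IP, two internal web servers reached on two
# different public ports. Values below are assumptions for illustration.
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # assumed public address (TEST-NET-3)
WAN_IF="${WAN_IF:-eth0}"                 # assumed external interface
IPT="${IPT:-echo}"                       # "echo" prints the rules, "iptables" applies them

# forward_http PUBLIC_PORT BACKEND_IP
# Emits the three rules a DNAT port-forward needs:
#  1. nat/PREROUTING: rewrite the destination to BACKEND_IP:80
#  2. filter/FORWARD LOG: rate-limited trace of new forwarded connections,
#     so a failing forward is visible in the kernel log (drop it once it works)
#  3. filter/FORWARD ACCEPT: let the rewritten packets through; without this
#     a FORWARD policy of DROP silently discards everything DNAT produced
forward_http() {
    pubport="$1"; backend="$2"
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$PUBLIC_IP" --dport "$pubport" \
         -j DNAT --to-destination "$backend:80"
    $IPT -A FORWARD -i "$WAN_IF" -p tcp -d "$backend" --dport 80 \
         -m conntrack --ctstate NEW -m limit --limit 5/min \
         -j LOG --log-prefix "dnat-$pubport: "
    $IPT -A FORWARD -i "$WAN_IF" -p tcp -d "$backend" --dport 80 \
         -m conntrack --ctstate NEW -j ACCEPT
}

# Replies and already-tracked flows pass; everything else in FORWARD is dropped,
# so only the explicit forwards below are reachable from outside.
base_rules() {
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -P FORWARD DROP
}

main() {
    if [ "$IPT" = "iptables" ]; then
        sysctl -w net.ipv4.ip_forward=1
    fi
    base_rules
    forward_http 80 192.168.0.254   # public port 80 -> LAN1 server
    forward_http 81 192.168.1.254   # public port 81 -> LAN2 server
}
main
```

The "-i eth0" match on the PREROUTING rule keeps the DNAT from applying to traffic that originates inside the LANs, so internal clients keep talking to the servers by their private addresses; if they must also reach the servers through the public address, the interface match has to go and a POSTROUTING SNAT is needed for the hairpin case. When a forward does not work, "grep dnat- /var/log/kern.log" (or dmesg) tells you immediately whether the problem is before the gateway (no log lines) or after it (log lines present, no reply).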

Gui 08-31-2010 06:06 AM

Quote:

Originally Posted by unSpawn (Post 4080520)
If you just want to access the two devices via the same destination "my_ip" you could change the destination port like this:
Code:

iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 80 -j DNAT --to 192.168.0.254:80
iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 81 -j DNAT --to 192.168.1.254:80

because you cannot route to two devices on the same destination port. If you would like others to access the device based on certain criteria (one IP address only, routing using geo-location, whatever else) you need a form of load balancing. For HTTP-based methods see the Apache docs, Pound or HAProxy. Also it would be good to familiarize yourself with the iptables HOWTO (http://www.frozentux.net/documents/iptables-tutorial/) and with debugging iptables rule sets using "-j LOG" rules.

Yes, I did it.

But I managed to solve the problem; it was a setting on Gateway 2. Firewall rules. =)

