LinuxQuestions.org
Old 08-25-2010, 08:45 PM   #1
Gui
Rule to access application server


Hello,

I have 2 LANs in my network. They are:

LAN 1: 192.168.0.0
LAN 2: 192.168.1.0

Both LANs communicate with each other, and both have an application server. In LAN1, I can access the web server both internally and externally. In LAN2, it only works on the internal network.

The rule that I'm using is as follows:

iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 80 -j DNAT --to 192.168.1.254:80

This rule works for LAN1, but not for LAN2. Does anyone know what could be blocking access?

* Sorry for my bad English.
 
Old 08-28-2010, 07:06 AM   #2
unSpawn
If you just want to access the two devices via the same destination "my_ip" you could change the destination port like this:
Code:
iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 80 -j DNAT --to 192.168.0.254:80
iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 81 -j DNAT --to 192.168.1.254:80
because you can not route to two devices on the same destination port. If you would like others to access the device based on certain criteria (one IP address only, routing using geo-location, whatever else) you need a form of load balancing. For HTTP-based methods see Apache docs, Pound or HAproxy. Also it would be good to familiarize yourself with the iptables HOWTO (http://www.frozentux.net/documents/iptables-tutorial/) and debugging iptables rule sets using "-j LOG" rules.
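The point in the answer above, that two DNAT rules cannot share the same destination and port, as an added example (not code from the thread): a Python check that flags any DNAT rule whose match criteria duplicate an earlier rule's, because the first matching rule wins and the later one is never reached. The function names and the sample rule list are constructed for illustration, and the parser assumes plain option/value pairs with no `!` negation.

```python
import shlex

# Constructed sample input: the first two rules reuse port 80 for both
# servers (the case the answer says cannot work); the third uses port 81.
SAMPLE_RULES = """\
iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 80 -j DNAT --to 192.168.0.254:80
iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 80 -j DNAT --to 192.168.1.254:80
iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 81 -j DNAT --to 192.168.1.254:80
"""

def parse_rule(line):
    """Split an append-style rule into (table, chain, matches, target, target_args)."""
    tokens = shlex.split(line)
    if tokens and tokens[0] == "iptables":
        tokens = tokens[1:]
    table = "filter"                      # iptables default when -t is absent
    if "-t" in tokens:
        i = tokens.index("-t")
        table = tokens[i + 1]
        del tokens[i:i + 2]
    if "-A" not in tokens or "-j" not in tokens:
        return None                       # not an append rule with a target
    a, j = tokens.index("-A"), tokens.index("-j")
    chain, target = tokens[a + 1], tokens[j + 1]
    pairs = tokens[a + 2:j]
    # Pair each option with its value so option order does not matter.
    matches = frozenset(zip(pairs[0::2], pairs[1::2]))
    return table, chain, matches, target, tokens[j + 2:]

def find_shadowed_dnat(text):
    """Return (line_no, dest, winning_line_no, winning_dest) for unreachable DNAT rules."""
    first_seen, shadowed = {}, []
    for line_no, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line) if line.strip() else None
        if not rule or rule[3] != "DNAT":
            continue
        table, chain, matches, _, args = rule
        dest = args[1] if len(args) > 1 else "?"
        key = (table, chain, matches)
        if key in first_seen:
            # Same table, chain and match criteria: the earlier rule always wins.
            shadowed.append((line_no, dest, *first_seen[key]))
        else:
            first_seen[key] = (line_no, dest)
    return shadowed

if __name__ == "__main__":
    for line_no, dest, win_no, win_dest in find_shadowed_dnat(SAMPLE_RULES):
        print(f"rule {line_no} -> {dest} never matches; rule {win_no} -> {win_dest} wins")
```

The same function can be run over saved `iptables-save -t nat` output, since those lines use the same `-A CHAIN ... -j TARGET` layout.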
 
Old 08-31-2010, 07:06 AM   #3
Gui
Quote:
Originally Posted by unSpawn
If you just want to access the two devices via the same destination "my_ip" you could change the destination port like this:
Code:
iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 80 -j DNAT --to 192.168.0.254:80
iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 81 -j DNAT --to 192.168.1.254:80
because you can not route to two devices on the same destination port. If you would like others to access the device based on certain criteria (one IP address only, routing using geo-location, whatever else) you need a form of load balancing. For HTTP-based methods see Apache docs, Pound or HAproxy. Also it would be good to familiarize yourself with the iptables HOWTO (http://www.frozentux.net/documents/iptables-tutorial/) and debugging iptables rule sets using "-j LOG" rules.
Yes, I did it.

But I managed to solve the problem; it was a setting at Gateway 2. Firewall rules. =)
 
  


Tags
iptables, lan, nat, webserver


All times are GMT -5.
