LinuxQuestions.org > Linux - Newbie > Help with NAT and route (https://www.linuxquestions.org/questions/linux-newbie-8/help-with-nat-and-route-720914/)

cailen.fisher 04-22-2009 08:54 AM

Help with NAT and route
 
Hi,

I'm trying to provide a new public address to a server I maintain and I could use some help figuring out the steps.

The setup:

Server 1 - The machine that needs a new address
  • Both NICs already in use
  • Exists on two LANs and zero WANs
  • Access to and from the internet is passed through a firewall over LAN 1

Server 1 is already a production server in heavy use (so I need to be careful). The firewall currently used for NAT to that box is kind of limited, and we ran out of addresses in our WAN block. The CoLo facility provided us with a new block of addresses but the firewall can't handle 2 different subnets for whatever reason. Now Server 1 needs a new IP to accommodate a new SSL certificate. As a workaround, what I would like to do is provide NAT for Server 1 via Server 2, which has direct access to the new block of public addresses.

Server 2 - The machine to provide NAT / routing
  • Exists on 1 LAN and 1 WAN (internet)
  • Communicates directly to the world via a publicly accessible IP
  • Can claim additional public IPs
  • Also a live production web server

Server 1 and Server 2 both exist on LAN 1. What I would like to do is provide NAT from a new public address on Server 2 to a new local address on Server 1 and then add a route for the new interface on Server 1 to send outgoing responses through Server 2 where it is NAT'd again to appear to come from the new public address.


I've taken a couple stabs at this without much luck so if anyone can help I'm much obliged.

Thanks

janhe 04-23-2009 01:27 PM

all I can do is suggest some documentation: http://www.netfilter.org/documentati...NAT-HOWTO.html

It sounds like you need what the doc calls "destination NAT" in contrast to "source NAT". You are using the last one already on the network now.

Remember to make sure the replies from Server 1 to the internet are directed via Server 2.
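One way to lay out what janhe describes (DNAT on Server 2 for inbound traffic to the new public address, SNAT for traffic Server 1 originates from its new local address, and a policy route on Server 1 so replies leave via Server 2 instead of the old firewall), as an added example that is not from the thread or any poster. The addresses, interface names and the HTTPS port are placeholder assumptions; the script prints the commands for review instead of executing them.

```shell
#!/bin/sh
# Added example, not from the thread. Placeholder values (assumptions):
NEW_PUB=203.0.113.10   # new public IP from the new block, claimed by Server 2
WAN_IF=eth0            # Server 2's WAN (internet) interface
LAN_IF=eth1            # Server 2's LAN 1 interface
S2_LAN=192.168.1.2     # Server 2's existing LAN 1 address
S1_NEW=192.168.1.50    # new LAN 1 address to be added on Server 1
S1_LAN_IF=eth0         # Server 1's LAN 1 interface
PORT=443               # the SSL service the new certificate is for

# Commands for Server 2: claim the address, enable forwarding, restrict the
# FORWARD chain to just this flow, then DNAT inbound and SNAT outbound.
server2_rules() {
    cat <<EOF
ip addr add $NEW_PUB/32 dev $WAN_IF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -t nat -A PREROUTING -i $WAN_IF -d $NEW_PUB -p tcp --dport $PORT -j DNAT --to-destination $S1_NEW
iptables -t nat -A POSTROUTING -o $WAN_IF -s $S1_NEW -j SNAT --to-source $NEW_PUB
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $S1_NEW -p tcp --dport $PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $S1_NEW -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}
# Replies to DNAT'd connections are un-translated by conntrack automatically;
# the SNAT rule covers connections Server 1 itself opens from S1_NEW.

# Commands for Server 1: add the new address, and route anything sourced from
# it via Server 2 (table 100) while the default route stays on the old firewall.
server1_rules() {
    cat <<EOF
ip addr add $S1_NEW/24 dev $S1_LAN_IF
ip route add default via $S2_LAN table 100
ip rule add from $S1_NEW table 100
EOF
}

echo "# --- run on Server 2 ---"; server2_rules
echo "# --- run on Server 1 ---"; server1_rules
```

Review the printed commands, then pipe each function through `sh` on the matching host; the `ip rule` line is what keeps Server 1's replies from leaving through the old firewall with the wrong source address.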

emetib 04-23-2009 02:56 PM

is this what you're trying to do?

internet ---> server2 ---> server1: server1 ---> server2 ---> internet

Why don't you just have the router pointing to your server2:port#, with the request address of server1 going to that port on server 2, and have that port forwarded to server1?
As long as server2 has its iptables/firewall configured properly, the requests to the internet from server1 should still go through.
