09-16-2008, 05:10 AM   #1
ajayan
Prerouting In Intranet


Hi all,

I have two webservers in an Intranet, one on 192.168.0.1, port 80, the
other on 192.168.0.5, port 80. Each machine has only one ethernet
card, attached to the same switch. Now I want to take away the first
webserver. In order to do this transparently, I thought of using a
redirect rule.

Thus, on 192.168.0.1 I tried the following command:

iptables -t nat -A PREROUTING -p tcp -d 192.168.0.1 --dport 80 -j DNAT --to 192.168.0.5:80
iptables -t nat -A PREROUTING -p udp -d 192.168.0.1 --dport 80 -j DNAT --to 192.168.0.5:80

For testing reasons, all the policies on both machines are set to ACCEPT.
iptables -t nat -L -n yields:

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT udp -- 0.0.0.0/0 192.168.0.1 udp dpt:80 to:192.168.0.5:80
DNAT tcp -- 0.0.0.0/0 192.168.0.1 tcp dpt:80 to:192.168.0.5:80

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

With these rules, I thought an attempt to reach 192.168.0.1:80 would
lead me to 192.168.0.5:80. But the latter one doesn't see anything.
What am I really missing? Please give me some advice.
Ajayan
 
09-16-2008, 09:53 PM   #2
estabroo
You might need to turn forwarding on for this to work. echo 1 > /proc/sys/net/ipv4/ip_forward (you can usually set it permanently in /etc/sysctl.conf)
 
09-17-2008, 12:23 AM   #3
ajayan
Quote:
Originally Posted by estabroo
You might need to turn forwarding on for this to work. echo 1 > /proc/sys/net/ipv4/ip_forward (you can usually set it permanently in /etc/sysctl.conf)

I have already turned it on. But still no result. When I try to access 192.168.0.1 through the browser, it just keeps searching and the webpage on 192.168.0.5 is not displayed.
 
09-17-2008, 01:03 AM   #4
Berhanie
You need to do an SNAT on the way out, so that the packets get the source address of the proxy. Otherwise, the return packet goes directly from the .5 web server to the client. This is a problem since the client made the request of .1, not .5.
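
Added example (not part of the thread): the DNAT rule from post #1 together with the SNAT rule described in post #4, for the same-subnet relay on 192.168.0.1. The names hairpin_rules, is_ipv4 and the APPLY variable are hypothetical; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: prints (or, with APPLY=1 as root on the old server, runs)
# the NAT rules that relay OLD:PORT to NEW:PORT when both hosts share a subnet.

is_ipv4() {
    # Accept only dotted-quad addresses whose four octets are 0-255.
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

hairpin_rules() {
    old=$1 new=$2 port=$3
    is_ipv4 "$old" && is_ipv4 "$new" || { echo "bad address" >&2; return 1; }
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    # 1. The old server must forward packets (post #2).
    # 2. DNAT rewrites the destination before routing (post #1; HTTP is TCP only).
    # 3. SNAT rewrites the source on the way out, so the new server replies
    #    to the old one and conntrack maps the reply back to the client (post #4).
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -d ${old} --dport ${port} -j DNAT --to-destination ${new}:${port}
iptables -t nat -A POSTROUTING -p tcp -d ${new} --dport ${port} -j SNAT --to-source ${old}
EOF
}

# Addresses and port are the ones given in the thread.
rules=$(hairpin_rules 192.168.0.1 192.168.0.5 80) || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    echo "$rules" | sh -ex      # execute each command, stop on first failure
else
    echo "$rules"               # dry run: show what would be executed
fi
```

With the SNAT rule in place, the web server on 192.168.0.5 sees every relayed request as coming from 192.168.0.1, so its access logs and any per-client access rules no longer reflect the real client address.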
 
  

