Centos IP tables DNAT
I have a box with two NICs, one with, say, 192.168.1.20 (eth0); the other interface is 192.168.1.21 (eth1). The default route table has eth0 as the interface with the default gateway:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.1.20    *               255.255.255.0   U     0      0        0 eth0
    192.168.1.21    *               255.255.255.0   U     0      0        0 eth1
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
    default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

The issue I'm having is that this box is acting as a reverse proxy using Apache. I have a site (192.168.1.22) that will only allow incoming connections from eth1 (192.168.1.21); anything coming from eth0 will be blocked. As eth0 is the default gateway, all traffic (port 80) is being sent out on this interface, thus getting rejected. Is there a simple way, with say iptables, to say traffic going to 192.168.1.22 has to leave eth1?
    ip route add 192.168.1.22/32 dev eth1 via <next hop IP>

Shouldn't have to do anything extra with iptables for what you are describing.
Sorry, still kind of a newbie.

What would be the next hop? The gateway?
From your description, it sounds like the next hop IP address would be 192.168.1.22.

For example, if you have two PCs (PC A and PC B) cabled into a switch, and you're configuring a route pointing to PC A on PC B, the next hop IP address will be the IP address of PC A. This tells PC B that the "next hop" to get to PC A is the IP address of PC A. If clients are connecting to you from behind a router (on a different subnet), the next hop IP address will be the internal IP address of your router, because packets have to "hop" through your router. This is an OK description: http://en.wikipedia.org/wiki/Hop_(networking)

You're simply telling your computer what IP address it has to do an ARP request for, so it knows what MAC address to put in the Ethernet header before it sends the packet out. In your case, it sounds like you want this to be the MAC address of 192.168.1.22, not your router. So you'd have this:

    ip route add 192.168.1.22/32 dev eth1 via 192.168.1.22
I finally got around to giving this a go. It does work, but how do I get the route to stick after reboots?
Put the line in /etc/rc.local.
OK, thanks. Now, is it possible to add static routes to virtual adapters? I want to add eth1:0 but it doesn't appear to be working.

    ip route add 192.168.25.47/32 via 192.168.91.21 dev eth1:0

That doesn't return an error, but when I type route it only shows eth1.