To specify a certain source IP, use this:
iptables -t nat -A PREROUTING -p tcp -s 192.168.1.1/32 -d 192.168.1.2 --dport 22 -j DNAT --to 192.168.2.2:22 |
Sir,
Can you teach me how to work with DSL using iptables? Can you give me an example, sir? |
There is nothing special about iptables and DSL; you just use your IP address, the ethernet interface that the DSL tunnels through, or a combination of both. Think of it as an ethernet connection; there is no difference as far as the firewall is concerned.
If you're talking about a connection problem to your server from outside, then some ports may be blocked by your ISP. If that's your problem, then you can use alternative ports for anything except ports 25 and 80. If you're running a webserver or SMTP server, then these ports must be open through the ISP, or you need to have another system to use that the ports are open on. Give a specific problem related to DSL if you have one. |
Okay Sir,
Sir, uhmmm, like this: I have two ISPs.

server1 = 2 NICs
1st NIC = 1st ISP, IP address
2nd NIC = local IP 192.168.2.1

server2 = 2 NICs
1st NIC = 2nd ISP, IP address
2nd NIC = local IP 192.168.2.2

How do I share the internet connection of these servers '1 and 2' to the servers under them 'server3, server4, server5 ...', and sir, what is the best DSL client software? Thank you in advance... :-) :Pengy: :Pengy: :newbie: |
The DSL connection is supported by the kernel. The connection is done with PPPoE, which is not much different than PPP except that it tunnels through an ethernet type of connection. PPP is point-to-point protocol and PPPoE is point-to-point protocol over ethernet. Basically the login is done using the point-to-point protocol, just like dialup. The RedHat RPM is called rp-pppoe.
http://rpmfind.net/linux/rpm2html/se...&system=&arch=

If these are servers, then I would say the easiest thing to do is to route server3.com via DNS to server1.com and server4.com to server2.com, like that. This way the redirects are done by one machine to the correct port on the other machine. Or you can have both server1.com and server2.com registered for server3.com and server4.com, and then it would be the connecting client that decides. You would need to register an A record for both server1 and server2 at myservers.com. Example:

dig yahoo.com

; <<>> DiG 9.2.2 <<>> yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7864
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
;yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 234 IN A 66.94.234.13
yahoo.com. 234 IN A 216.109.112.135

;; AUTHORITY SECTION:
yahoo.com. 172791 IN NS ns5.yahoo.com.
yahoo.com. 172791 IN NS ns1.yahoo.com.
yahoo.com. 172791 IN NS ns2.yahoo.com.
yahoo.com. 172791 IN NS ns3.yahoo.com.
yahoo.com. 172791 IN NS ns4.yahoo.com.

Note the two A records for yahoo.com. This means each IP will go to yahoo.com, which in your case could be server1 and server2. Note the NS records. It's actually left up to the connecting client to decide which one to use here for name service for yahoo.com. The one that is connected to will decide, or actually be configured to return an IP address for one or the other of the servers. You can't really control DNS and make it decide when to use a certain one unless you register your domains with your own DNS server. If you set up your own DNS server, then you could have some control over the routing of DNS, possibly making changes dynamically. Example:

dig @ns4.yahoo.com yahoo.com

; <<>> DiG 9.2.2 <<>> @ns4.yahoo.com yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4781
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 300 IN A 66.94.234.13
yahoo.com. 300 IN A 216.109.112.135

;; AUTHORITY SECTION:
yahoo.com. 172800 IN NS ns1.yahoo.com.
yahoo.com. 172800 IN NS ns2.yahoo.com.
yahoo.com. 172800 IN NS ns3.yahoo.com.
yahoo.com. 172800 IN NS ns4.yahoo.com.
yahoo.com. 172800 IN NS ns5.yahoo.com.

;; ADDITIONAL SECTION:
ns1.yahoo.com. 172800 IN A 66.218.71.63
ns2.yahoo.com. 172800 IN A 66.163.169.170
ns3.yahoo.com. 172800 IN A 217.12.4.104
ns4.yahoo.com. 172800 IN A 63.250.206.138
ns5.yahoo.com. 172800 IN A 216.109.116.17

;; Query time: 634 msec
;; SERVER: 63.250.206.138#53(ns4.yahoo.com)
;; WHEN: Fri Feb 11 23:36:41 2005
;; MSG SIZE rcvd: 229

Here I asked ns4.yahoo.com who yahoo.com is and got both IP addresses. If they wanted to, they could have ns4.yahoo.com set up to only give one of the IP addresses. Using iptables you could configure incoming traffic from certain IP address ranges to go to one system or the other, and also configure certain ethernet interfaces to go to one system or the other. You could also use one machine for both ISPs and have the same thing instead of using two machines. I guess you're trying to balance the load, but keep in mind the bandwidth and whether it really takes two router boxes to handle it, which is what I would call the redirecting boxes. Even if they are servers, they are acting as routers for the other servers. |
Sir,
Can I give you my diagram, 'my network setup'? Sir, thank you for always helping me. Sir, do you have Yahoo Messenger? Can we chat? |
I am shutting down for the night here as I will be up at 4:30 for work.
I'm not sure what else you're trying to do. Try to explain, from what I have posted here, what you would like to do, and I or someone else will try to give more specific details to help. There are many ways to do something, but you would need to define the goal you're trying to reach. All of what I have posted is simple stuff, but if needed there would be many more possible solutions. There is no limit to what can be done with routing. There is really just an unlimited amount of possibilities when it comes to routing and Linux. |
Okay sir, thank you.
|
Sir,
I can't forward my port 80 to 192.168.1.57:80. Here's my setup:

server: 2 NICs
eth0 IP: 192.168.1.10
eth1 IP: 192.168.2.1

NETWORKING=yes
HOSTNAME=msme3
GATEWAY=192.168.1.1
GATEWAYDEV=eth0

/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
IPADDR=192.168.1.10
NETMASK=255.255.255.0
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
FORWARD_IPV4=true
ONBOOT=yes

/etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO=static
DEVICE=eth1
NETWORK=192.168.2.0
IPADDR=192.168.2.1
NETMASK=255.255.255.0
BROADCAST=192.168.2.255
GATEWAY=192.168.2.1
FORWARD_IPV4=true
ONBOOT=yes

client2: running apache on port 80
eth0 IP: 192.168.2.2

NETWORKING=yes
HOSTNAME=smet
GATEWAY=192.168.2.1
GATEWAYDEV=eth0

/etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=static
DEVICE=eth0
ONBOOT=yes
NETWORK=192.168.2.0
IPADDR=192.168.2.2
NETMASK=255.255.255.0
BROADCAST=192.168.2.255
GATEWAY=192.168.1.10

client3: running apache on port 80
eth0 IP: 192.168.1.57

/etc/sysconfig/network-
NETWORKING=yes
HOSTNAME=melanio
GATEWAY=192.168.1.10
GATEWAYDEV=eth0

/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
NETWORK=192.168.1.0
IPADDR=192.168.1.57
NETMASK=255.255.255.0
BROADCAST=192.168.1.255
GATEWAY=192.168.1.10

# my syntax
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.10 --dport 80 -j DNAT --to 192.168.1.57:80

I can't forward it, sir, to 192.168.1.57:80. What are the possible causes of the problem? But when I used this:

iptables -t nat -A PREROUTING -p tcp -d 192.168.1.10 --dport 80 -j DNAT --to 192.168.2.2:80

it works. Sir, please help me. |
Make sure there is only one redirect to port 80.
Check the server at 192.168.1.57 by using that address on the server itself or on the local network and see if it works; use 127.0.0.1 on that server to see if it works. Check the firewall on both systems to be sure it's not blocked. Keep in mind that the one that works is routed through eth1, and the one that does not is routed through eth0, if they are different networks. Netmask 255.255.255.0 separates eth0 and eth1 into two separate networks. Look at route -n and you'll see that 192.168.1.0 is a route and 192.168.2.0 is a route. Check the path of the cable on eth0; somewhere along that network it could be blocked. The firewall settings for eth0 and eth1 may be different. |
Go through this; it's easy.
http://www.amitsharma.linuxbloggers....forwarding.htm amitsharma.linuxbloggers.com/iptables_port_forwarding.htm |
iptables port forwarding not working..
Hi ,
I have the following iptables config. The Linux server is used for gateway, squid, VPN, etc. We want it to port forward 3389 to the Windows server for terminal services. However, the port forwarding does not seem to work at all! Here is the rule:

[0:0] -A PREROUTING -d 10.1.253.254 -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.90.100:3389

Can anyone advise what may be going wrong? Many thanks in advance.
|
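Both the port-80 question above and the 3389 rule in the last post show a PREROUTING DNAT on its own. As an added example (not posted by anyone in this thread), the script below only prints the rule set such a forward needs: the DNAT, the FORWARD accept for the rewritten packet, and, when the target sits on the same /24 as the router address it was reached on, a POSTROUTING SNAT so a client on that LAN gets its reply back through the router rather than straight from the target. The addresses are the thread's own; the /24 same-network test is an assumption taken from the 255.255.255.0 netmasks posted.

```shell
#!/bin/sh
# Added example, not posted in the thread: print (do not apply) the rules a
# DNAT port forward needs, after checking the target is well formed.

# valid_target IP:PORT -> 0 for four octets 0-255, a colon and a port 1-65535.
# A target typed without the colon (e.g. "192.168.2.280") is rejected.
valid_target() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    ip=${1%:*}; port=${1##*:}
    echo "$port" | grep -Eq '^[0-9]{1,5}$' || return 1
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$ip" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
}

# same_net A B -> 0 when both addresses share their first three octets,
# i.e. one /24 (netmask 255.255.255.0, as used throughout the thread).
same_net() { [ "${1%.*}" = "${2%.*}" ]; }

# forward_rules <router ip> <in iface> <dport> <target ip:port>
# 1. PREROUTING DNAT rewrites the destination.
# 2. FORWARD must accept the rewritten packet (a DROP policy silently eats
#    it); this sits alongside the usual ESTABLISHED,RELATED accept.
# 3. If the target is on the same /24 as the router address, a client on that
#    LAN gets the SYN-ACK straight from the target, not from the router it
#    connected to, and drops it; SNAT to the router address sends the reply
#    back through the router. Cost: the target's logs then show the router IP.
forward_rules() {
    router=$1; iface=$2; dport=$3; target=$4
    valid_target "$target" || { echo "bad target: $target" >&2; return 1; }
    tip=${target%:*}; tport=${target##*:}
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp -d $router --dport $dport -j DNAT --to-destination $target"
    echo "iptables -A FORWARD -i $iface -p tcp -d $tip --dport $tport -m state --state NEW -j ACCEPT"
    if same_net "$router" "$tip"; then
        echo "iptables -t nat -A POSTROUTING -p tcp -d $tip --dport $tport -j SNAT --to-source $router"
    fi
}

# Thread addresses: the target behind eth1 gets two rules; the target on
# eth0's own network gets the SNAT rule as well.
forward_rules 192.168.1.10 eth0 80 192.168.2.2:80
echo
forward_rules 192.168.1.10 eth0 80 192.168.1.57:80
```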