Old 09-16-2008, 04:10 AM   #1
Registered: Dec 2007
Posts: 89
Prerouting In Intranet

Hi all,

I have two webservers in an Intranet, one on, port 80, the
other on on port 80. Each machine has only one ethernet
card, attached to the same switch. Now I want to take away the first
webserver. In order to do this transparently, I thought of using a
redirect rule.

Thus, on I tried the following command:

iptables -t nat -A PREROUTING -p tcp -d --dport 80 -j DNAT
iptables -t nat -A PREROUTING -p udp -d --dport 80 -j DNAT

For testing reasons, all the policies on both machines are set to ACCEPT.
iptables -t nat -L -n yields:

target prot opt source destination
DNAT udp -- udp dpt:80
DNAT tcp -- tcp dpt:80

target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

With these rules, I thought an attempt to reach would
lead me to But the latter one doesn't see anything.
What am I really missing? Please give me some advice.
Old 09-16-2008, 08:53 PM   #2
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,125
Blog Entries: 2
You might need to turn forwarding on for this to work. echo 1 > /proc/sys/net/ipv4/ip_forward (you can usually set it permanently in /etc/sysctl.conf)
Old 09-16-2008, 11:23 PM   #3
Registered: Dec 2007
Posts: 89

Original Poster
Originally Posted by estabroo
You might need to turn forwarding on for this to work. echo 1 > /proc/sys/net/ipv4/ip_forward (you can usually set it permanently in /etc/sysctl.conf)
I have already turned it on. But still no result found. When I try to access it through a browser, it just keeps searching and the webpage on will not display.
Old 09-17-2008, 12:03 AM   #4
Senior Member
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625
You need to do an SNAT on the way out, so that the packets get the source address of the proxy. Otherwise, the return packet goes directly from the .5 web server to the client. This is a problem since the client made the request of .1, not .5.
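
The rule set the replies above describe (forwarding on, DNAT on the way in, SNAT on the way out), as an added example that is not part of the original thread. The addresses 192.0.2.1 (old server) and 192.0.2.5 (new server) are constructed placeholders that only mirror the .1 and .5 of the last reply, and the function name redirect_rules is hypothetical.

```shell
#!/bin/sh
# Added example: emit the NAT rules that redirect OLD:PORT to NEW:PORT when
# the client, OLD and NEW all sit on the same switch and subnet.
# Addresses below are constructed placeholders (192.0.2.0/24 documentation range).

redirect_rules() {
    old=$1 new=$2 port=$3
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ -z "$old" ] || [ -z "$new" ] || [ "$old" = "$new" ]; then
        echo "need two different addresses" >&2; return 1
    fi
    # The old server must forward packets that are no longer for a local socket.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # 1. Inbound: rewrite the destination so the request reaches the new server.
    echo "iptables -t nat -A PREROUTING -p tcp -d $old --dport $port -j DNAT --to-destination $new:$port"
    # 2. Outbound: rewrite the source so the new server replies to the old
    #    server, not straight to the client. Without this the client receives
    #    an answer from an address it never contacted and discards it.
    #    --ctstate DNAT limits the rewrite to connections rule 1 redirected.
    echo "iptables -t nat -A POSTROUTING -p tcp -d $new --dport $port -m conntrack --ctstate DNAT -j SNAT --to-source $old"
}

# Dry run by default; set APPLY=1 (as root, on the old server) to execute.
rules=$(redirect_rules 192.0.2.1 192.0.2.5 80)
if [ "${APPLY:-0}" = 1 ]; then
    echo "$rules" | sh -e
else
    echo "$rules"
fi
```

With the SNAT rule in place the new webserver sees every redirected request as coming from the old server's address, so its access log no longer shows the real client IP.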

