Re: Forward http traffic




----- "Nikolaos Milas" <nmilas@xxxxxx> wrote:

> From: "Nikolaos Milas" <nmilas@xxxxxx>
> To: centos@xxxxxxxxxx
> Sent: Tuesday, January 7, 2014 10:28:33 (GMT-0300) Auto-Detected
> Subject: Forward http traffic
>
> Hello,
> 
> On CentOS 6.5 x86_64 I have (/etc/sysconfig/iptables):
> 
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -s 10.10.10.0/24 -m tcp -p tcp --dport 22 -j ACCEPT
> -A RH-Firewall-1-INPUT -s 10.10.10.0/24 -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> 
> Now, I want to forward all http traffic coming in from 10.250.250.0/24,
> at local port 8080, to 2 particular IP Addresses (port 80). Is it enough
> to prepend (to the above) the following:
> 
> *nat
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A PREROUTING -s 10.250.250.0/24 -p tcp --dport 8080 -j DNAT --to-destination xxx.xxx.xxx.xxx:80
> -A PREROUTING -s 10.250.250.0/24 -p tcp --dport 8080 -j DNAT --to-destination yyy.yyy.yyy.yyy:80
> COMMIT
> 
> ...?
> 
> Please advise!
> 
> Thanks in advance,
> Nick


Hi Nick,

   If you put it that way, only xxx will receive packets. To balance between both of them
you will need this:

-A PREROUTING -s 10.250.250.0/24 -p tcp -m tcp --dport 8080 -j DNAT --to-destination xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy:80

   Hope this helps,

   Att.,

        Antonio.

-- 
Antonio da Silva Martins Jr. 
Support Analyst
NPD - Núcleo de Processamento de Dados
UEM - Universidade Estadual de Maringá
email: asmartins@xxxxxx 
phone: +55 (44) 3011-4015 / 3011-4411
inoc-dba: 263076*100                     

     "Real Programmers don’t need comments — the code is obvious."


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
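
An added example, not part of the original thread: a small Python model of iptables first-match evaluation over the rules quoted above. It shows why the second DNAT rule is never reached, that a `first-last` DNAT range covers every address in between, and that the posted FORWARD chain (which jumps to RH-Firewall-1-INPUT) rejects the redirected connection from 10.250.250.0/24. Assumptions: the backend addresses are constructed stand-ins for the masked xxx/yyy values, the backends are other hosts so the packet traverses FORWARD, and the chain is simplified.

```python
import ipaddress

# Constructed stand-ins for the masked xxx/yyy backends (TEST-NET-1 addresses).
BACKEND_A, BACKEND_B = "192.0.2.10", "192.0.2.13"

def matches(rule, pkt):
    """True when every criterion present in the rule equals the packet's field."""
    for key, want in rule["match"].items():
        if key == "src":
            if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def first_match(chain, pkt):
    """iptables walks a chain in order; the first terminating target wins."""
    for index, rule in enumerate(chain):
        if matches(rule, pkt):
            return index, rule["target"]
    return None, "ACCEPT"  # chain policy in the posted ruleset

def dnat_range(spec):
    """Expand 'first-last' as DNAT does: every address between, inclusive."""
    first, last = (ipaddress.ip_address(p) for p in spec.split("-"))
    return [str(ipaddress.ip_address(n)) for n in range(int(first), int(last) + 1)]

# nat PREROUTING as proposed in the question: two rules with identical matches.
PREROUTING = [
    {"match": {"src": "10.250.250.0/24", "proto": "tcp", "dport": 8080}, "target": "DNAT:" + BACKEND_A},
    {"match": {"src": "10.250.250.0/24", "proto": "tcp", "dport": 8080}, "target": "DNAT:" + BACKEND_B},
]

# Simplified RH-Firewall-1-INPUT from the question (lo and icmp rules omitted);
# the posted FORWARD chain jumps here too.
RH_INPUT = [
    {"match": {"state": "ESTABLISHED"}, "target": "ACCEPT"},
    {"match": {"src": "10.10.10.0/24", "state": "NEW", "proto": "tcp", "dport": 22}, "target": "ACCEPT"},
    {"match": {"src": "10.10.10.0/24", "state": "NEW", "proto": "tcp", "dport": 80}, "target": "ACCEPT"},
    {"match": {}, "target": "REJECT"},
]

client = {"src": "10.250.250.7", "proto": "tcp", "dport": 8080, "state": "NEW"}
forwarded = dict(client, dport=80)  # same connection after DNAT rewrote the port

if __name__ == "__main__":
    print(first_match(PREROUTING, client))   # second rule is never reached
    print(first_match(RH_INPUT, forwarded))  # the forwarded SYN hits REJECT
    print(dnat_range(f"{BACKEND_A}-{BACKEND_B}"))  # range includes .11 and .12
```

If the two real backends are not adjacent addresses, a range rule will also send traffic to whatever sits between them, so check the expansion before loading it.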




