A little iptables help




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Sep 28, 2005 at 11:37:41AM -0400, James Pifer wrote:
> On Wed, 2005-09-28 at 12:11 -0300, Rodrigo Barbosa wrote:
> > > allow: port 80
> > > allow: forward port 8000 for x.x.x.x to y.y.y.y
> > 
> > Forward port 8000 to several hosts might be difficult using only iptables.
> > You might want to take a look at LVS (Linux Virtual Server) for that,
> > on http://www.linuxvirtualserver.org/
> 
> No, I need to forward several machines through a specific port to a
> single machine. Not "forward 8000 to several hosts". 
> 
> Still looking over the other responses.

Humm, that should be relatively simple:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --destination-port 8000 -j DNAT --to-destination ${DESTINATION_SERVER}

iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE1} -j ACCEPT
iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE2} -j ACCEPT
iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE3} -j ACCEPT
iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE4} -j ACCEPT
iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -j REJECT --reject-with tcp-reset


SOURCEX can be either a single IP address, or a network/netmask pair.

[]s

- -- 
Rodrigo Barbosa <rodrigob@xxxxxxxxxxxxxxx>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDOr1HpdyWzQ5b5ckRAqJAAJ99nLSPq8hOkTrZyWJAOY5N/SQRVwCaA9Cr
5nxgHn9CunpeNHVblDw/rNk=
=YotM
-----END PGP SIGNATURE-----
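
The rule set from the message above, generated for any number of sources; this is an added example, not part of the original post. The function names, the fixed PORT variable and the sample addresses (documentation ranges) are assumptions, and the script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: print (do not apply) the DNAT rule plus the per-source
# FORWARD allowlist described in the message, for a list of sources.
PORT=8000   # forwarded port taken from the thread

# Accept a dotted-quad IPv4 address, optionally followed by /0-32.
valid_ipv4() {
    o='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    printf '%s\n' "$1" | grep -Eq "^$o(\.$o){3}(/(3[0-2]|[12]?[0-9]))?\$"
}

# gen_rules DESTINATION_SERVER SOURCE...
# Validates every argument before printing anything, so a bad entry never
# yields a partial rule set. Returns 1 on invalid input.
gen_rules() {
    dest=$1
    [ $# -ge 2 ] || { echo "usage: gen_rules DEST SOURCE..." >&2; return 1; }
    shift
    for a in "$dest" "$@"; do
        valid_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    # The DNAT target has to be one host, not a network.
    case $dest in */*) echo "DEST must be a single host" >&2; return 1;; esac

    echo "iptables -t nat -A PREROUTING -p tcp --destination-port $PORT -j DNAT --to-destination $dest"
    # Allowed sources go first: rules are evaluated in order, first match wins.
    for src in "$@"; do
        echo "iptables -A FORWARD -p tcp --destination-port $PORT -d $dest -s $src -j ACCEPT"
    done
    # Any other source heading for the forwarded port gets a TCP reset.
    echo "iptables -A FORWARD -p tcp --destination-port $PORT -d $dest -j REJECT --reject-with tcp-reset"
}

# Constructed sample input: one destination, a single host and a network.
gen_rules 192.0.2.10 198.51.100.7 203.0.113.0/24
```

These rules cover only packets travelling toward the destination server: if the FORWARD policy is not ACCEPT, reply traffic needs its own rule (for example a conntrack ESTABLISHED,RELATED match), and net.ipv4.ip_forward must be enabled on the forwarding host.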
