Re: iptables question




> > -----Original Message-----
> > From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On
> > Behalf Of Barry Brimer
> > Sent: Thursday, February 19, 2009 5:38 PM
> > To: CentOS mailing list
> > Subject: Re:  iptables question
> >
> >
> >
> > On Thu, 19 Feb 2009 Ward.P.Fontenot@xxxxxxxxxxxxxx wrote:
> >
> >> Hi,
> >>
> >> I have two servers in the same subnet, one has this arrangement:
> >>
> >> BOX A [3 ips, one real two vips]
> >>
> >> BOX B [1 ip]
> >>
> >> I need to redirect input from one of the vips (192.168.0.1:8080) on BOX
> >> A to BOX B (192.168.0.2:8080) and I'm about to pull my hair out. Can
> >> anyone lend a hand? All my searching leads me to home firewall type
> >> arrangements using DNAT. I tried to bend one of those to fit my
> >> situation but it was a no go (most likely due to my lack of knowledge
> >> with iptables)
> >
> > iptables -t nat -I PREROUTING -d 192.168.0.1 -p tcp --dport 8080 -j DNAT --to 192.168.0.2

Hi.

DNAT is what you would be wanting.  As can be seen, DNAT is processed
in the PREROUTING chain in the nat table, thus it happens before
packets hit the filter table and all you are doing is changing the
destination address.

You will still need rules in your forward chain of your filter table
(it is still forward even if the packets enter and exit the same
network card).

This rule will need to allow the original source to talk to the new destination.

Regards,
  Andrew.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
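
The rules discussed in this thread, as an added example that is not part of the original messages: a shell function that validates its arguments and prints the DNAT rule together with FORWARD rules that match the translated destination (the filter table sees 192.168.0.2, not the VIP). The function names are hypothetical; the `ip_forward` sysctl line and the MASQUERADE rule, which makes BOX B's replies return through BOX A when client and servers share a subnet, are assumptions beyond what the thread states.

```shell
#!/bin/sh
# Added example; valid_ip4, valid_port and dnat_rules are hypothetical names.

valid_ip4() {
    # Dotted quad only, each octet in 0..255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    # Digits only, at most 5 of them, value in 1..65535.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print (do not apply) the commands that redirect VIP:VPORT to DEST:DPORT.
# Output order: enable forwarding; rewrite the destination in nat/PREROUTING;
# source-NAT only the translated flow (assumption: same-subnet peers);
# accept only that translated flow in filter/FORWARD; accept its replies.
dnat_rules() {
    vip=$1; vport=$2; dest=$3; dport=$4
    if ! { valid_ip4 "$vip" && valid_ip4 "$dest" &&
           valid_port "$vport" && valid_port "$dport"; }; then
        echo "usage: dnat_rules VIP VPORT DEST DPORT" >&2
        return 2
    fi
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -I PREROUTING -d $vip -p tcp --dport $vport -j DNAT --to-destination $dest:$dport
iptables -t nat -I POSTROUTING -d $dest -p tcp --dport $dport -m conntrack --ctstate DNAT -j MASQUERADE
iptables -I FORWARD -d $dest -p tcp --dport $dport -m conntrack --ctstate DNAT -j ACCEPT
iptables -I FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# The addresses from the question in this thread.
dnat_rules 192.168.0.1 8080 192.168.0.2 8080
```

Review the printed commands, then run them as root on BOX A. Matching `--ctstate DNAT` in FORWARD limits forwarding to connections that were actually translated, so the box does not become a general router for port 8080.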
