RE: Multiple IP addresses


 



OK, well, you have to write the rules a little differently then.
You can write it this way, which redirects ALL port 80/443 including the other IP (4.3.2.1), then add a rule for the 1 address (4.3.2.1) and redirect that to 10.1.1.2. Example below...

# Redirect for this one IP to its server
iptables -A PREROUTING -t nat -i $EXTDEV -d 4.3.2.1 -p tcp --dport 80 -j DNAT --to-destination 10.1.1.2
# Everything else goes to 10.1.1.1 server.
iptables -A PREROUTING -t nat -i $EXTDEV            -p tcp --dport 80 -j DNAT --to-destination 10.1.1.1


Does that make better sense now..??

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au
 

-----Original Message-----
From: Brei, Matt [mailto:mbrei@xxxxxxxxxxxxxxx]
Sent: Thursday, May 22, 2003 11:25 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx; George Vieira
Subject: RE: Multiple IP addresses





Yes, almost anything is possible.

>For instance, there are 3 web servers on the lan say 10.1.1.1 - 10.1.1.3 and
>I want all port 80/443 that comes to the netfilter machine on the
>inet_address 1.2.3.4 to go to lan_address 10.1.1.1

iptables -t nat -A PREROUTING -i $EXTDEV -d 1.2.3.4 -p tcp --dport 80 -j DNAT --to-destination 10.1.1.1
# If I understand what you said is that "on the inet_address" meaning the
# -d destination address..??


>and all port 80/443 from inet_address 4.3.2.1 to forward to 10.1.1.2
>etc.  Is this possible?

iptables -t nat -A PREROUTING -i $EXTDEV -s 4.3.2.1 -p tcp --dport 443 -j DNAT --to-destination 10.1.1.1
# Also you said "from inet_address"..
I'm sorry, what I meant was "TO", I apologize.
>If so, how about a point in the right direction.


So what you're doing is making everybody browse 10.1.1.1 but yourself
coming from a different source IP outside to view a different
webserver?? Right??

Yes and no.  I actually hadn't thought of it that way.  The idea was to
be able to split up multiple sites on different servers each using
Apache's virtual hosts, say 10 or so per server.

Thanks a bunch for the help.
Matt
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698
 

-----Original Message-----
From: Brei, Matt [mailto:mbrei@xxxxxxxxxxxxxxx]
Sent: Thursday, May 22, 2003 9:02 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Multiple IP addresses


Greetings,

I'm using netfilter to nat/firewall my cable connection to my lan.  I
currently have 5 static IP addresses and would like to know if it is
possible to alias all 5 addresses on the inet_iface and then forward to
different machines on the lan_iface based on destination IP.  For
instance, there are 3 web servers on the lan say 10.1.1.1 - 10.1.1.3 and
I want all port 80/443 that comes to the netfilter machine on the
inet_address 1.2.3.4 to go to lan_address 10.1.1.1 and all port 80/443
from inet_address 4.3.2.1 to forward to 10.1.1.2 etc.  Is this possible?
If so, how about a point in the right direction.

TIA

Matt 
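
The destination-based forwarding worked out in this thread, as an added example that is not part of the original messages: a small generator that prints the DNAT rules in iptables-restore format, per-address rules first and an optional catch-all last. It goes beyond the port-80 rules posted above by covering 80 and 443 in one multiport rule; the function names, the eth0 default for EXTDEV and the sample map are assumptions made for illustration.

```shell
# Added example, not from the thread. It only prints rules; nothing is applied.
EXTDEV="${EXTDEV:-eth0}"   # assumption: external interface name

# Constructed sample map, "public_ip lan_ip" per line (addresses from the thread).
SAMPLE_MAP='1.2.3.4 10.1.1.1
4.3.2.1 10.1.1.2'

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# dnat_rule LAN_IP [PUBLIC_IP]: one PREROUTING rule covering ports 80 and 443.
dnat_rule() {
    printf -- '-A PREROUTING -i %s%s -p tcp -m multiport --dports 80,443 -j DNAT --to-destination %s\n' \
        "$EXTDEV" "${2:+ -d $2}" "$1"
}

# gen_web_dnat MAP [DEFAULT_LAN_IP]: print a *nat section for iptables-restore.
# Per-address rules come first and the optional catch-all last, because the
# first matching rule in PREROUTING wins.
gen_web_dnat() {
    map=$1; default=${2:-}
    [ -z "$default" ] || is_ipv4 "$default" || return 1
    rules=$(printf '%s\n' "$map" | while read -r pub lan; do
        [ -n "$pub" ] || continue
        is_ipv4 "$pub" && is_ipv4 "$lan" || exit 1   # reject malformed entries
        dnat_rule "$lan" "$pub"
    done) || return 1
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]'
    [ -z "$rules" ] || printf '%s\n' "$rules"
    [ -z "$default" ] || dnat_rule "$default"
    printf '%s\n' 'COMMIT'
}
```

Check the generated text with `iptables-restore --test` before loading it, and load it with `--noflush` so that existing nat rules such as masquerading are kept.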



