Hi Damien,

> I have two interfaces, eth1 and eth2
>
> I have multiple vlans on eth1, that is, eth1.1 and eth1.2, eth1.3
[...]
> However, there are servers on Vlan2 which I would like to forward
> traffic to from the external interface, I would imagine that I could do
> something like:
>
> iptables -A PREROUTING -t nat -p tcp -d 203.221.181.27 --dport 80 -j DNAT --to 192.168.50.10:80
>
> But I cannot specify an interface -i eth1.2 in the prerouting, because
> it occurs pre-routing?

I don't see why you can't do this. We do it and it works. You might get a warning about "strange characters in interface name" if you have an old iptables version, but it should still work.

> How can I forward traffic to a host on a vlan when the vlans don't
> use unique addressing schemes?.. I was thinking I may have to -j
> REDIRECT the traffic to another chain, and forward it from there?

I don't think the REDIRECT target would help you here.

Cheers, Chris.
--
   ___ __     _
 / __// / ,__(_)_  | Chris Wilson -- UNIX Firewall Lead Developer |
/ (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk |
\ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |