On Wed, 2003-09-24 at 05:35, Gavin Hamill wrote:
> Hullo :)
>
> Cutting to the chase, I'm moving a machine on IP 1.1.1.1 from our leased line
> in the office to a data centre at IP 2.2.2.2, and I'd like my firewall box on
> the 1.1.1.0 network to forward HTTP requests for the now non-existent 1.1.1.1
> to 2.2.2.2 and act as an HTTP proxy, just for the few hours whilst the DNS
> updates...
>
> I realise that there will be lots of bandwidth wasted in shuffling duplicate
> data back and forth, but it really only is for a few hours and numbskull ISPs
> that ignore small DNS TTLs...
>
> Is this possible with iptables / SNAT / DNAT ?

iptables -t nat -A PREROUTING -d 1.1.1.1 -p tcp --dport 80 -j DNAT --to 2.2.2.2
iptables -t nat -A POSTROUTING -d 2.2.2.2 -p tcp --dport 80 -j SNAT --to 1.1.1.x (firewall IP)

and probably:

iptables -A FORWARD -d 2.2.2.2 -p tcp --dport 80 -j ACCEPT

and make sure you're accepting ESTABLISHED and RELATED state in FORWARD, or add a return traffic rule to FORWARD if you're stateless:

iptables -A FORWARD -s 2.2.2.2 -p tcp --sport 80 -j ACCEPT

j