On Wed, 02-03-2005 at 18:35 +0100, odanes@xxxxxxx wrote:
> Hi,
>
> I would like to forward tcp connection to port 8000 to ports 8080 and 8081 on
> the same machine in order to load balance HTTP request to two processes. So
> I've added the following rule
>
> iptables -t nat -A PREROUTING -p tcp --dport 8000 -m state --state NEW -j REDIRECT --to-ports 8080-8081
>
> I think that the first connection will be forwarded to 8080 and the second to
> 8081 and so on. But when I connect to the port 8000 the connection is always
> redirected to the same port 8080.
>
> Is my thought wrong ?

The rule seems to be OK, but maybe you are testing your system
from one IP only, and -m state --state NEW is not watching your
connections as NEW, but as ESTABLISHED. Have you tried it from
some different IPs?

Anyway I think you should remove the -m state --state NEW, so all
the packets from the connection are DNATed.

> regards, olivier.

Regards.

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"