Re: Multiple Source IP Addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Baake,

Thank you for reply.

What you suggesting will take care of routing incomming packets (from internet) to web server. In my scenario, I have a bot that parses sites and so the packets are coming from webserver to internet and source addresses must be different to load balance between internet connections.

-- 

Dennis O. Aliev 
 
On Fri, 11 Mar 2005 09:21:40 +0100
"Baake, Matthias" <m.baake@xxxxxxxx> wrote:

> If i understood it the right way you want to map an internal machine (e.g. Webserver) to an external address.
> Then you have to make a Rule into NAT Prerouting to redirect specific Traffic to the internal machine.
> 
> IPTABLES -t nat -A PREROUTING -i $EXT_IF -d $Your_ext_ip -j DNAT --to-destination $IP_OF_YOUR_INTERNAL_WEBSERVER
> 
> The filtering for this map you can still do in the filter table. Like your rule you already posted.
> This way your Internal Webserver should be reachable from the Internet.
> 
> /matthias baake
> 
> 
> 
> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of Dennis O.
> Aliev
> Sent: Friday, March 11, 2005 4:50 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Cc: sergey@xxxxxxxxxx; daliev@xxxxxxxxxx
> Subject: Multiple Source IP Addresses
> 
> 
> Good evening,
> 
> Is there a way to send traffic from host behind IPTables firewall using different external source IP addresses that are assigned to firewall on the external interface?
> 
> Host behind firewall has single IP address (192.168.1.94)  and making  http based requests to internet.
> 
> Firewall has following rules to make it work:
> iptables -t filter -A forward -o eth0 -p tcp -s 192.168.1.94 --dport 80 -j ACCEPT
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.94 -j SNAT --to-source some_external_ip
> 
> I was thinking of making http request from host to a different port and then based on that change source address to another external address and change the destination port to 80, but can't figure out how to do that.
> 
> Does anyone have any ideas? Perhaps there is a different approach?
> -- 
> 
> Dennis O. Aliev
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux