Hi again,

Ok, another thing I noticed. If I go to another system and issue the telnet:

telnet a.xx.com 8080

it just hangs.

So I tried:

iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j LOG --log-prefix "WebProxy:"
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.220:80

And then I see:

Dec 27 13:48:34 andoria kernel: WebProxy:IN=eth0 OUT= MAC=00:08:74:4f:f2:c9:00:07:e9:b1:6d:eb:08:00 SRC=192.168.1.197 DST=192.168.1.56 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=52720 DF PROTO=TCP SPT=3005 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0

So, looks like the packets are forwarded.

That said, looking at tcpdump output:

tcpdump -i eth0 port 8080
13:50:36.668387 IP 192.168.1.197.3007 > 192.168.1.56.8080: S 229587113:229587113(0) win 65535 <mss 1260,nop,nop,sackOK>

and no reply or forward.

Any clue?

Thank you.

Andy

On 12/27/05, Andy Lego <legoandy@xxxxxxxxx> wrote:
> Hi Edmundo,
>
> Looks like I am doing something wrong:
>
> root@andoria # iptables -t nat -A PREROUTING -p tcp --dport 8080 -j
> DNAT --to-destination 192.168.114.100:80
> root@andoria # telnet localhost 8080
> Trying 127.0.0.1...
> telnet: connect to address 127.0.0.1: Connection refused
> telnet: Unable to connect to remote host: Connection refused
> root@andoria # telnet 192.168.114.100 80
> Trying 192.168.114.100...
> Connected to a.xx.com (192.168.114.100).
> Escape character is '^]'.
> ^]
> telnet> close
> Connection closed.
>
> iptables -t nat -L
> ~
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> DNAT tcp -- anywhere anywhere tcp
> dpt:webcache to:192.168.114.100:80
>
> Is there anything else I should be doing?
>
> Thank you.
>
> Andy
>
> On 12/25/05, Edmundo Carmona <eantoranz@xxxxxxxxx> wrote:
> > that would be a DNAT rule on NAT PREROUTING, for starters (assuming
> > we're working on a.xx.com).
> >
> > iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT
> > --to-destination b.xx.com:80
> >
> > On 12/25/05, Andy Lego <legoandy@xxxxxxxxx> wrote:
> > > Hi,
> > >
> > > I would like to forward all requests that come to system a.xx.com at
> > > port 8080 to go to another system b.xx.com to port 80.
> > >
> > > For example, I am running a web server on system b.xx.com, but I want
> > > it to look like it is running on a.xx.com on different port.
> > >
> > > Also, I want to do this on a.xx.com only, without touching the
> > > firewall or b.xx.com.
> > >
> > > Any ideas?
> > >
> > > Thank you.
> > >
> > > Andy
> > >
> >
>
> --
> http://legoandy.com
>

--
http://legoandy.com
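
Added example, not part of the original thread: a dry-run shell function that prints the set of rules a single-homed relay host usually needs for the forward discussed above, using the addresses from the second message. The names run and port_forward and the APPLY switch are made up for illustration; it assumes the target is reachable directly by the clients (hence the SNAT rule) and that the filter FORWARD chain may be restrictive.

```shell
#!/bin/sh
# Dry run by default: each command is printed. APPLY=1 (as root) executes them.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# port_forward RELAY_IP LISTEN_PORT TARGET_IP TARGET_PORT  (hypothetical helper)
port_forward() {
    if [ "$#" -ne 4 ]; then
        echo "usage: port_forward RELAY_IP LISTEN_PORT TARGET_IP TARGET_PORT" >&2
        return 2
    fi
    relay_ip=$1; listen_port=$2; target_ip=$3; target_port=$4

    # Once DNAT points the packet at another host it has to be routed;
    # with forwarding off the kernel drops it.
    run sysctl -w net.ipv4.ip_forward=1

    # Remote clients: rewrite the destination before the routing decision.
    # -d keeps the rule from rewriting port-8080 traffic bound elsewhere.
    run iptables -t nat -A PREROUTING -p tcp -d "$relay_ip" --dport "$listen_port" \
        -j DNAT --to-destination "$target_ip:$target_port"

    # Connections opened on the relay itself never traverse PREROUTING;
    # they pass through nat OUTPUT. 127.0.0.1 is deliberately not matched.
    run iptables -t nat -A OUTPUT -p tcp -d "$relay_ip" --dport "$listen_port" \
        -j DNAT --to-destination "$target_ip:$target_port"

    # Rewrite the source so the target replies to the relay. Otherwise it
    # answers the client directly from its own address and port, and the
    # client discards a reply that matches no connection it opened.
    run iptables -t nat -A POSTROUTING -p tcp -d "$target_ip" --dport "$target_port" \
        -j SNAT --to-source "$relay_ip"

    # The filter table sees the packet after DNAT, so it matches the
    # target address; return traffic is covered by connection tracking.
    run iptables -A FORWARD -p tcp -d "$target_ip" --dport "$target_port" -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Addresses taken from the log line and the DNAT rule in the message above.
port_forward 192.168.1.56 8080 192.168.1.220 80
```

When checking the result with tcpdump, a filter of "port 8080" only shows the client side; the forwarded leg carries destination port 80.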