On Wed, March 1, 2006 13:19, account@xxxxxxxx wrote:

> I am having a lot of problems with setting up something relatively easy, but
> it does not seem to work.
>
> Situation:
>
>                  +-------------+           |--- Box1 192.168.1.107:15009
>  Internet ------| eth0   eth1 |----------|--- Box2 192.168.1.108:15009
>                  +-------------+           |--- Box3 192.168.1.109:15009
>  62.59.197.53                 192.168.1.1
>
> I have 3 boxes running the same services in a DMZ. Via the internet, I want
> the ability to access the different boxes, based on a different port number
> on the outside. Outside port 18107 should go to internal
> 192.168.1.107:15009, 18108 should go to 192.168.1.108:15009 and port 18109
> should go to 192.168.1.109:15009.
> This was working, but the new security of the applications does demand that
> the services should be able to reinitiate the connection, using the same
> port as on the way in. So I need to make sure that box1
> (192.168.1.107:15009) always uses 62.59.197.53:18107 to connect to the
> outside.
>
> How do I set up these rules correctly for in- and outgoing?

Have you looked at "man iptables", the SNAT section?

===========
SNAT
....
It takes one type of option:

--to-source ipaddr[-ipaddr][:port-port]
    which can specify a single new source IP address, an inclusive range
    of IP addresses, and optionally, a port range (which is only valid if
    the rule also specifies -p tcp or -p udp).
....
===========

It looks like:

$ipt -t nat -A POSTROUTING -s 192.168.1.107 -p tcp --sport 15009 \
     -j SNAT --to-source 62.59.197.53:18107

should do the trick.

Gr,
ROb
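The complete rule set for the setup described in the thread, as an added example (it is not code from either poster). It assumes the external address 62.59.197.53 on eth0, the three DMZ hosts 192.168.1.107-109 listening on 15009, and the outside ports 18107-18109 from the original mail; the function names (dnat_rule, snat_rule, emit_rules) are this example's own. Each box gets a DNAT rule for the inbound direction and a matching SNAT rule so that connections the box itself opens from port 15009 leave with the same external address and port that clients use to reach it. The script only prints the iptables commands; pipe its output to sh as root to apply them.

```shell
#!/bin/sh
# Added example, not from the thread. Generates paired DNAT/SNAT rules for
# three DMZ hosts behind one external address.
# Assumptions (constructed from the thread): external IP 62.59.197.53 on
# eth0, service port 15009 on every box, outside ports 18107-18109.

EXT_IP=62.59.197.53
EXT_IF=eth0
SVC_PORT=15009

# One mapping per line: "<internal ip> <outside port>" (constructed).
MAPPINGS="192.168.1.107 18107
192.168.1.108 18108
192.168.1.109 18109"

# dnat_rule <internal ip> <outside port>
# Inbound: a connection arriving on eth0 for EXT_IP:<outside port> is
# rewritten to <internal ip>:15009. Matching on -i and -d keeps the rule
# from touching traffic that did not come in from the internet.
dnat_rule() {
    printf '%s\n' "iptables -t nat -A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp --dport $2 -j DNAT --to-destination $1:$SVC_PORT"
}

# snat_rule <internal ip> <outside port>
# Outbound: a NEW connection the box opens from source port 15009 leaves
# eth0 as EXT_IP:<outside port>. Matching on -o avoids rewriting DMZ-to-DMZ
# traffic. Replies to DNATed inbound connections do not need this rule;
# conntrack already reverses the translation for them.
snat_rule() {
    printf '%s\n' "iptables -t nat -A POSTROUTING -o $EXT_IF -s $1 -p tcp --sport $SVC_PORT -j SNAT --to-source $EXT_IP:$2"
}

# forward_rule <internal ip>
# Only needed when the FORWARD chain policy is DROP: allow the translated
# inbound connections and their replies through.
forward_rule() {
    printf '%s\n' "iptables -A FORWARD -p tcp -d $1 --dport $SVC_PORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# emit_rules: prints every rule for every mapping, one command per line.
emit_rules() {
    printf '%s\n' "$MAPPINGS" | while read -r box port; do
        [ -n "$box" ] || continue
        dnat_rule "$box" "$port"
        snat_rule "$box" "$port"
        forward_rule "$box"
    done
}

# Run directly: show the rules. To apply them (as root):  ./this.sh | sh
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    emit_rules
fi
```

Two caveats worth checking after loading the rules. First, `--to-source` with a fixed port only gives the box that port if it is free in the conntrack table; if 62.59.197.53:18107 is already in use for another flow to the same destination, netfilter picks a different source port, so one box must not open two simultaneous connections from 15009 to the same remote host and port. Second, inspect what is actually in place with `iptables -t nat -L -n -v` and watch the translation with `conntrack -L` (or /proc/net/ip_conntrack on older kernels) while the application initiates its outbound connection.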