Hello,
Raghu Ni wrote:
> Here, creating an alias IP is not at all a secure way as both the
> IPs (xxx.xxx.xxx.1 and xxx.xxx.xxx.2) are open to internet. So,
Why wouldn't it be secure?
I don't understand why you don't want to give the address to the users.
> without IP aliasing, How to DNAT a packet which is coming for
> xxx.xxx.xxx.2 to my internal IP.
Exactly the same way as you do with IP aliasing:
iptables -t nat -A PREROUTING -p tcp --dport 22 -s x.x.x.x -d y.y.y.2 \
-j DNAT --to z.z.z.z
Of course, on an Ethernet link you will run into the usual ARP problem.
But this is not really a Netfilter/iptables issue. See the topic
"Redirecting traffic from a non-existent IP" above.