Re: iptables problem

On Fri, 2008-09-05 at 14:12 +0300, Cam Bazz wrote:
> Hello
> 
> I am running a glassfish server and I need the basic requirement of
> forwarding port 80 to port 8080. Here is what I have done: (I put
> 1.1.1.1 instead of my real IP address.)
> 
> #
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT;
> iptables -A INPUT --destination 1.1.1.1/32 -p tcp --dport 8080 -m conntrack --ctstate DNAT -j ACCEPT;
> iptables -t nat -A PREROUTING -d 1.1.1.1/32 -p tcp --dport 80 -j REDIRECT --to-port 8080;
> iptables -A INPUT -j DROP;
> iptables -I INPUT 1 -i lo -j ACCEPT;
> #
> 
> 
> It works fine, but here is the problem. I added another IP address
> with IP aliasing and now I have eth0:1.
> 
> I want to run Apache on port 80 on this IP.
> 
> But no matter what I tried, I could not modify the rules so that packets
> coming to eth0:1 port 80 do not go to port 8080 on eth0. Currently all
> packets routed to eth0:1 port 80 go to eth0 port 8080.
> 
> Any ideas/recommendations/help greatly appreciated.

The DNAT target can accept ip addresses as well as port numbers.

-- 
Matt Zagrabelny - mzagrabe@xxxxxxxxx - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85  C5CA 53E7 887F 84E2 2DA2

He is not a fool who gives up what he cannot keep to gain what he cannot
lose.
-Jim Elliot

Attachment: signature.asc
Description: This is a digitally signed message part
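
One way to write the rule set the reply points toward, as an added example that is not part of the original thread or either poster's configuration. It assumes 2.2.2.2 as a constructed stand-in for the eth0:1 alias address and that Apache is bound to that address; `ipt` and `build_rules` are hypothetical helper names, and the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: prints each
# iptables command; set APPLY=1 (as root) to execute them instead.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# build_rules GF_IP APACHE_IP  (hypothetical helper)
#   GF_IP     address whose port 80 is forwarded to Glassfish on 8080
#   APACHE_IP alias address (eth0:1) where Apache itself listens on 80
build_rules() {
    gf_ip=$1
    apache_ip=$2
    if [ -z "$gf_ip" ] || [ -z "$apache_ip" ]; then
        echo "usage: build_rules GF_IP APACHE_IP" >&2
        return 2
    fi
    # If both arguments are the same address, the NAT rule would also
    # capture Apache's traffic, so refuse.
    if [ "$gf_ip" = "$apache_ip" ]; then
        echo "GF_IP and APACHE_IP must differ" >&2
        return 1
    fi

    # NAT: rewrite only packets addressed to GF_IP:80, and name the new
    # destination address explicitly instead of using REDIRECT.
    ipt -t nat -A PREROUTING -d "$gf_ip" -p tcp --dport 80 \
        -j DNAT --to-destination "$gf_ip:8080"

    # Filter: same policy as the original post, plus Apache's port.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Port 8080 is reachable only for connections that went through DNAT.
    ipt -A INPUT -d "$gf_ip" -p tcp --dport 8080 \
        -m conntrack --ctstate DNAT -j ACCEPT
    # Assumption: Apache is bound to APACHE_IP:80; no NAT rule touches it.
    ipt -A INPUT -d "$apache_ip" -p tcp --dport 80 -j ACCEPT
    ipt -A INPUT -j DROP
}

if [ "$#" -eq 2 ]; then
    build_rules "$1" "$2"
fi
```

After applying the rules, the per-rule packet counters from `iptables -t nat -L PREROUTING -n -v` show whether traffic addressed to the alias is hitting the NAT rule.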

