Re: 2 ips, same port, forward to original ip but different port

Fu-Tung Cheng wrote:

$IPTABLES -A FORWARD -p tcp --destination-port 80 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 80 --to-ports 12080

Now what I need to happen is that requests coming into ip1:80 go to
ip1:12080 and ip2:80 go to ip2:12080. What seems to be happening is
that all requests coming into 80 are going to ip1:12080.

If I understand correctly, you want to change only the destination port, not the destination address. But the iptables manpage says that the REDIRECT target replaces the destination address with the primary address of the incoming interface, so it may not be suitable for your purpose.

You can use the DNAT target instead. Either:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to :12080

will translate the destination port 80 into 12080 regardless of the destination address and without changing it,

or:

iptables -t nat -A PREROUTING -d $ip1 -p tcp --dport 80 \
  -j DNAT --to $ip1:12080
iptables -t nat -A PREROUTING -d $ip2 -p tcp --dport 80 \
  -j DNAT --to $ip2:12080

will translate only ip1:80 into ip1:12080 and ip2:80 into ip2:12080.

PS: What is the purpose of the first rule in the FORWARD chain?
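
The per-address DNAT form from the reply above, generalized to any number of addresses, as an added example that is not part of the original message. The function names and the 192.0.2.x addresses are constructed for illustration; the script only prints rules in iptables-restore format and does not touch the running ruleset.

```sh
#!/bin/sh
# Added example: emit one DNAT rule per address so that only the port changes
# and each destination address is preserved (unlike REDIRECT).

# Succeeds if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeeds if $1 is a decimal TCP port in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: gen_dnat_rules FROM_PORT TO_PORT ADDR...
# Validates every argument first, so nothing is printed on bad input.
gen_dnat_rules() {
    [ "$#" -ge 3 ] || { echo "usage: gen_dnat_rules FROM TO ADDR..." >&2; return 1; }
    from_port=$1; to_port=$2; shift 2
    is_port "$from_port" && is_port "$to_port" || { echo "bad port" >&2; return 1; }
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    echo '*nat'
    for addr in "$@"; do
        echo "-A PREROUTING -d $addr/32 -p tcp -m tcp --dport $from_port -j DNAT --to-destination $addr:$to_port"
    done
    echo 'COMMIT'
}

# Constructed sample addresses (documentation range), standing in for ip1 and ip2.
gen_dnat_rules 80 12080 192.0.2.10 192.0.2.11
```

The output can be checked with `iptables-restore --test` and loaded with `iptables-restore --noflush` so that existing rules are kept.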