On 06/07/2010 13:28, Wade Gasior wrote:
Hi... I am hoping that someone can help me with routing an already
established SSH session.
I have two physical servers set up: 192.168.1.150 and 192.168.1.160
All external traffic comes in to server .150
Initially, I want all traffic to be served by server 150. So for this
purpose I am leaving the IPTables on .150 empty (for sake of
simplicity).
At a point in time, I want to forward all incoming traffic to be
served by .160 instead.
I have accomplished this using these commands (on .150):
iptables -t nat -A PREROUTING -j DNAT --to 192.168.1.160
iptables -t nat -I POSTROUTING -j MASQUERADE
My problem is that if I have an open SSH connection to .150 (prior to
adding the rules), the packets are still handled by .150 after adding
the rules, e.g. my SSH session stays active. I want these packets to
be forwarded to .160, which would effectively disconnect the SSH
session in a sense (I will later be performing a live server migration
from 150 to 160, so the SSH session should stay valid). I do not want
the packets flat out dropped, I need them to be forwarded on in
whatever state they are in.
If I try a _NEW_ SSH session, the packets are properly forwarded to .160.
Any help would be appreciated to get these packets from the existing
session forwarded.
Thank you!
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi,
Why not enable SSH on an unusual port (for instance 1234 or anything) on
a server?
1) The problem is much easier: iptables works great with port-based rules.
2) You can at any time contact both servers. Useful, for instance, if
your TCP session expires for any reason.
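Sketch of the port-based split the reply suggests, added here as an example and not code from either poster: a small script that generates the nat table for iptables-restore, keeps a management SSH port (the reply's 1234) on the front server, and hands every other new connection to the backend. The RETURN/DNAT ordering, the conntrack match and the rules_ok check are my assumptions about how to implement the reply's idea, not something the thread specified.

```shell
#!/bin/sh
# Hypothetical helper (not from the thread): emit an iptables-restore nat
# table that forwards everything to the backend EXCEPT a management SSH
# port that stays local, as the reply suggests. Addresses are the ones
# from the thread; the management port (1234) is the reply's example.
set -eu

FRONT=192.168.1.150     # server that receives all external traffic
BACK=192.168.1.160      # server that should take over
MGMT_PORT=1234          # SSH listens here on both boxes; never forwarded

# Print the nat table. Only the first packet of a NEW connection traverses
# nat/PREROUTING; a session that already has a conntrack entry keeps the
# NAT decision made when it started, which is why the original catch-all
# rules left the old SSH session on $FRONT.
nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# management SSH stays on $FRONT (and is reachable on $BACK directly)
-A PREROUTING -d $FRONT -p tcp --dport $MGMT_PORT -j RETURN
# everything else that opens a new connection is handed to $BACK
-A PREROUTING -d $FRONT -m conntrack --ctstate NEW -j DNAT --to-destination $BACK
# only rewrite the source of the traffic we actually forwarded
-A POSTROUTING -d $BACK -j MASQUERADE
COMMIT
EOF
}

# Sanity-check the generated ruleset without loading it: the management
# port exception must come before the catch-all DNAT, or it never fires.
rules_ok() {
    nat_rules | awk -v port="$MGMT_PORT" '
        /--dport/ && $0 ~ port && /RETURN/ { seen_ret = NR }
        /-j DNAT/                           { seen_dnat = NR }
        END { exit !(seen_ret && seen_dnat && seen_ret < seen_dnat) }'
}

case "${1:-}" in
    --apply) rules_ok && nat_rules | iptables-restore --noflush ;;
    *)       nat_rules ;;     # dry run: print what would be loaded
esac
```

Run it without arguments to review the table; `--apply` (as root on .150) loads it atomically, and the old SSH session still stays on .150 until it ends, since its conntrack entry already exists.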