In the webserver: # /sbin/ifconfig eth0:0 192.168.128.5 # /sbin/ifconfig eth0:1 192.168.128.6 In the NAT firewall insert in the *nat table of /etc/sysconfig/iptables: # vi /etc/sysconfig/iptables -A PREROUTING -d 64.24.12.45 -j DNAT --to-destination 192.168.128.5 -A PREROUTING -d 64.24.12.46 -j DNAT --to-destination 192.168.128.5 # service iptables stop # service iptables start On Mon, 5 Jul 2004 21:50:21 -0700 (PDT), Redhat Enterprise <redhat_help@xxxxxxxxx> wrote: > Hello group/Pete > > I tried that, what i use is RH9.0. With it's iptables > installation. Yes as U say there are 3 NICs. When i > did what U said and initialized the FW script it says: > warning: wiered character in interface 'eth0:1'(no > aliases, ! or *) > this follows on for all the lines which have the > aliased IPs, for eth0:1 and eth2:1. > > How could i get about doing this ? > > TIA > > > > > --- Pete Nesbitt <pete@xxxxxxxxx> wrote: > > On July 4, 2004 11:58 pm, Redhat Enterprise wrote: > > > What i wanted to do was to have 2 web servers > > having > > > private IPs( Ex: 192.168.128.5 and 192.168.128.6 > > on > > > the 255.255.255.0 subnet). The hub connecting > > these > > > machines would be connected to my Linux firewall > > > machine. In other words the private IPs are the > > ones > > > that make my DMZ, I shall call this interface > > which is > > > connected to the DMZ as eth1. > > > What i want to do is redirect all requests to > > > 64.24.12.45 to 192.168.128.5 and 64.24.12.46 to > > > 192.168.128.6 at the moment i have no problem in > > doing > > > the natting and everything related to send/receive > > > from the 64.24.12.45. > > > What i thought was to have a virtual interface and > > > bind the other internet routable address to it, ex > > > eth0:0. What are my options? > > > Also how could i do the POSTROUTING SNAT if I > > cannot > > > use virtual in terfaces? > > > > > > > Hi, > > I'm not sure I understand your question. As I read > > it, you have 3 boxes, 2 > > acting as web servers and 1 as a firewall. They are > > connected via a hub. It > > looks like the fw has at least 2 nics, one for the > > internet and one for the > > dmz (web server area), and probably a 3rd for > > internal LAN. I am presuming a > > recent release of RH (say 8 or newer) > > > > You can add the static IP to the external ethernet > > by creating a "eth0:1" (not > > eth0:0). To do that manually, cp your > > /etc/sysconfig/network-scripts/eth0 to > > eth0:1. The edit the IP address and hard link it > > into > > /etc/sysconfig/networking/devices/ifcfg-eth0:1 > > and > > > /etc/sysconfig/networking/profiles/default/ifcfg-eth0:1 > > > > Your postrouting should show something in the way > > (all one line): > > $IPTABLES -A POSTROUTING -t nat -p tcp -o $EXT_IF -s > > $WEB_SERVER_1 -j SNAT > > --to-source $EXT_IP_1 > > > > $IPTABLES -A POSTROUTING -t nat -p tcp -o $EXT_IF -s > > $WEB_SERVER_2 -j SNAT > > --to-source $EXT_IP_2 > > > > Hope that helps. > > -- > > Pete Nesbitt, rhce > > > > > > -- > > redhat-list mailing list > > unsubscribe > > > mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > __________________________________ > Do you Yahoo!? > Yahoo! Mail - 50x more storage than other providers! > > > http://promotions.yahoo.com/new_mail > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
