On Tue, 24 Feb 2004, JamesSturdevant wrote:

> I am trying to get two IPs on one interface to route to two different
> web servers. I am using Shorewall 1.4.2 on LEAF Bering.
>
> I have two IP addresses on my network interface:
> eth0 xx.yyy.zz.10
> eth0:0 xx.yyy.zz.11
>
> I am trying to route port 80 from each of them to different
> machines and changing the port on one. This is what I have
> in my rules file:
>
> DNAT net loc:172.16.201.90:8081 tcp 80 - xx.yyy.zz.11
> DNAT net loc:172.16.201.90 tcp 8081 - xx.yyy.zz.11
>
> DNAT net loc:172.16.201.9 tcp 80 - xx.yyy.zz.10
>
> I can get to my web server on xx.yyy.zz.10 and to my server on
> xx.yyy.zz.11 if I use port 8081 but not when I use port 80. The
> shorewall.log file shows a DROP from net2all when port 80 is used.
>
May we see one of these messages?

> Shorewall status shows this for net2loc:
>
> Chain net2loc (1 references)
> pkts bytes target prot opt in out source destination
> 4886 2563K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.201.90 state NEW tcp dpt:8081
> 0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.201.90 state NEW tcp dpt:8081
> 20 960 ACCEPT tcp -- * * 0.0.0.0/0 172.16.201.9 state NEW tcp dpt:80
> 5 328 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain net_dnat (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8081 to:172.16.201.90
> 0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yyy.zz.11 tcp dpt:80 to:172.16.201.90:8081
> 20 960 DNAT tcp -- * * 0.0.0.0/0 xx.yyy.zz.10 tcp dpt:80 to:172.16.201.9
>

Does the above show the entire contents of each chain?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
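A reading aid for the `shorewall status` listing quoted above, added here as an example and not part of the original thread: it pairs each rule in `net_dnat` with the `net2loc` ACCEPT rules for its translated address and port, and reports the packet counters of both. The function names and the rejoined sample listing are assumptions of this example.

```python
import re

# Sample input: the two chains quoted in the message above, wrapped lines
# rejoined, masked public addresses kept as posted.
LISTING = """\
Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
4886 2563K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.201.90 state NEW tcp dpt:8081
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.201.90 state NEW tcp dpt:8081
20 960 ACCEPT tcp -- * * 0.0.0.0/0 172.16.201.9 state NEW tcp dpt:80
5 328 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8081 to:172.16.201.90
0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yyy.zz.11 tcp dpt:80 to:172.16.201.90:8081
20 960 DNAT tcp -- * * 0.0.0.0/0 xx.yyy.zz.10 tcp dpt:80 to:172.16.201.9
"""

def parse_chains(text):
    """Return {chain: [rule, ...]} from `iptables -L -n -v` style output."""
    chains, rules = {}, None
    for line in text.splitlines():
        f = line.split()
        if line.startswith("Chain "):
            rules = chains.setdefault(f[1], [])
        elif rules is not None and len(f) >= 9 and f[0] != "pkts":
            opts = " ".join(f[9:])  # everything after the destination column
            dpt = re.search(r"dpt:(\d+)", opts)
            to = re.search(r"to:([\d.]+)(?::(\d+))?", opts)
            rules.append({"pkts": f[0], "target": f[2], "dst": f[8],
                          "dpt": dpt and dpt.group(1), "to": to and to.groups()})
    return chains

def check_dnat(chains, nat="net_dnat", flt="net2loc"):
    """For each DNAT rule, find the filter ACCEPT rules for its translated target."""
    report = []
    for r in (r for r in chains[nat] if r["target"] == "DNAT" and r["to"]):
        ip, port = r["to"][0], r["to"][1] or r["dpt"]  # no port in to: keeps dpt
        acc = [a["pkts"] for a in chains[flt] if a["target"] == "ACCEPT"
               and a["dst"] == ip and a["dpt"] == port]
        report.append({"orig": f'{r["dst"]}:{r["dpt"]}', "to": f"{ip}:{port}",
                       "dnat_pkts": r["pkts"], "accept_pkts": acc})
    return report

if __name__ == "__main__":
    for row in check_dnat(parse_chains(LISTING)):
        print(row)
```

A `dnat_pkts` value of 0 means no packet has matched that DNAT rule since the counters were last reset; an empty `accept_pkts` list would mean the translated address and port have no ACCEPT rule in the filter chain.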