asta este pentru traficul care vine pe 80 din exterior eu vreau ca traficul web al statiilor din retea sa iasa prin conexiunea 2 rutare in functie de port...
----- Original Message ----- From: "George" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, December 10, 2004 12:36 PM Subject: [rlug] Re: Forwarding doar pentru portul 80. > iptables -t nat -A PREROUTING -s 10.1.0.4 -p tcp > --dport 80 -j DNAT --to 10.2.0.4 > /* > Since DNAT requires quite a lot of work to work properly, I have decided to add a larger explanation on how to work with it. Let's take a brief example on how things would be done normally. We want to publish our website via our Internet connection. We only have one IP address, and the HTTP server is located on our internal network. Our firewall has the external IP address $INET_IP, and our HTTP server has the internal IP address $HTTP_IP and finally the firewall has the internal IP address $LAN_IP. The first thing to do is to add the following simple rule to the PREROUTING chain in the nat table: > iptables -t nat -A PREROUTING --dst $INET_IP -p tcp --dport 80 -j DNAT \ > --to-destination $HTTP_IP*/http://iptables-tutorial.frozentux.net/iptables-tutorial.html> Salut!> Am 2 conexiuni legate in 2 linuxuri diferite.> Unul singur este gateway pentru toata lumea si vreau ca tot ce vine pe portul 80 sa fie trimis catre celalalt linux sa iasa pe conexiunea 2.> > Am incercat sa fac SNAT la pachetele care vin pe portul 80 catre o clasa 10.2.0.0/24 si am pus o ruta ca tot ce e cu 10.2.0.0/24 sa se duca catre gateway-ul 10.1.0.2 (gateway 2 cu conexiunea 2)> (toate clasele sunt pe acelasi segment fizic de retea)> > din pacate in iptables nu pot sa fac:> > iptables -t nat -A PREROUTING -s 10.1.0.4 -p tcp --dport 80 -j SNAT --to 10.2.0.4> > Exista vreo solutie sa fac SNAT in prerouting? sau macar a imai incercat cinev si stie daca sunt pe calea cea buna?> > Claudiu.> > --- > Detalii despre listele noastre de mail: http://www.lug.ro/> > > __________ NOD32 1.944 (20041209) Information __________> > This message was checked by NOD32 antivirus system.> http://w > ww.nod32.com> > > > --- > Detalii despre listele noastre de mail: http://www.lug.ro/ > > --- Detalii despre listele noastre de mail: http://www.lug.ro/
