On Sep 17, 2011, at 2:02 PM, Christ Schlacta wrote:

> I would like to dnat certain protocols (HTTP, HTTPS, SSH) to the
> contents of an ipset (lan:+serviceshost or similar) where the ipset is
> ensured to contain only one host, but can be changed dynamically when
> services are in maintenance mode and go to the "services are down"
> message on another server. Will this work, or am I barking up a fish here?
You cannot specify an IPSET in the DEST column or in the ORIGINAL DEST column of a DNAT rule. That is an iptables limitation.

-Tom

Tom Eastep            \ When I die, I want to go like my Grandfather who
Shoreline,             \ died peacefully in his sleep. Not screaming like
Washington, USA         \ all of the passengers in his car
http://shorewall.net     \________________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
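As an added illustration (not part of the original thread and not from the Shorewall project), the shape the rule has to take in /etc/shorewall/rules given the limitation Tom describes: the DNAT destination must be a literal host, not an ipset. The zone names, the set name and the address 192.168.1.10 are assumed for the example.

```text
#ACTION   SOURCE   DEST                  PROTO   DEST PORT(S)
# Not permitted: an ipset in the DEST column of a DNAT rule
#DNAT     net      lan:+serviceshost     tcp     22,80,443
# Permitted: a single literal host (192.168.1.10 is an assumed address)
DNAT      net      lan:192.168.1.10      tcp     22,80,443
```

The practical consequence for the maintenance-mode case is that the failover cannot be done by repointing the set; the address in the DNAT rule itself has to be changed and Shorewall restarted. Ipsets remain usable where iptables matches on them, such as the SOURCE column of a rule, because there the set is a match rather than a NAT target.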