Can you recommend an alternate method to accomplish my desired outcome? I want to switch dynamically which host a (set of) dnat rules point to without having to restart shorewall.
On 9/17/2011 14:38, Tom Eastep wrote:
> On Sep 17, 2011, at 2:02 PM, Christ Schlacta wrote:
>
>> I would like to dnat certain protocols (HTTP, HTTPS, SSH) to the
>> contents of an ipset (lan:+serviceshost or similar) where the ipset is
>> ensured to contain only one host, but can be changed dynamically when
>> services are in maintenance mode and go to the "services are down"
>> message on another server. Will this work, or am I barking up a fish here?
>>
> You cannot specify an IPSET in the DEST column or in the ORIGINALDEST column
> of a DNAT rule. That is an iptables limitation.
>
> -Tom
>
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
