From: Joel Newkirk <netfilter@newkirk.us>
To: netfilter@lists.netfilter.org
Cc: jhaynes@HERITAGEPROPANE.COM
Subject: Re: Transitioning from one DNAT gateway to another
Date: Fri, 21 Feb 2003 01:58:01 -0500
Message-ID: <200302210158.01203.netfilter@newkirk.us>
In-Reply-To: <59610.12.227.180.139.1045788151.squirrel@web.heritagepropane.com>

On Thursday 20 February 2003 07:42 pm, Joe Haynes wrote:
> Hello to the list.
>
> I apologize if this subject has been covered
> elsewhere, but I have yet to locate instructions
> on how to do this (redirections to appropriate
> sites would be much appreciated).
>
> Our network is currently attached to the internet via
> a wavelan link (with a dedicated IP). We are transitioning
> over to a T-1 line that has a new IP address.
>
> What we would like to do is run a gateway off each single
> external address and redirect specific ports to a single
> internal server (we want to run both while we wait for
> DNS updates).
>
> Currently, we redirect port 80 on our external IP to an internal
> webserver (also on port 80) using this line:
> $IPT -t nat -A PREROUTING -i $INTERNET_DEV -d $INTERNET_IP -p tcp
> --dport 80 -d $INTERNET_IP -j DNAT --to 192.168.1.5
>
> We'd like to do the same thing off the new gateway that's
> linked to the T-1 line.
>
> The problem I've run into is the responses that have come
> through the new gateway end up getting sent back out
> the old gateway.
>
> Is there a way to redirect packets to the internal server using
> PREROUTE and then change the source addresses using POSTROUTE so
> the responses from the internal server come back through
> the correct gateway?

You should do this in routing.  Read up at 
http://lartc.org/howto/lartc.rpdb.multiple-links.html#AEN266 which is 
the specific part of the Linux Advanced Routing and Traffic Control 
howto that deals with "Split Access", where you have incoming requests 
on two different links that have to be answered back out the same link.

Essentially you set up two default routes, each in its own table, and set 
routing rules that route traffic with a particular source IP to use the 
appropriate routing table.  Traffic inbound gets DNATted to the server, 
and when it returns gets unDNATted to present a source IP matching the 
original destination IP of the request, then routing takes over and 
sends it out the appropriate link.

j

> Thank you,
>
> Joe Haynes
> Helena Montana
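The set-up the reply describes, written out as a script. This is an added example, not code from the thread or from the LARTC howto; the interface names (eth0/eth1/eth2), the public addresses, networks and gateways, the routing table ids 100/200 and the marks 1/2 are all constructed placeholders, and only the internal server 192.168.1.5 comes from the original post. It assumes iproute2 and an iptables with the conntrack match and the CONNMARK target, which are in mainline today but were not on a 2003 box. One detail it handles differently from the text: the reverse of a DNAT mapping is applied in POSTROUTING, after the routing decision, so a reply from the server is routed while it still carries 192.168.1.5 as its source and a `from $PUBLIC_IP` rule would not match it; the script therefore marks the connection on the link it arrived on and routes replies on that mark.

```shell
#!/bin/sh
# Added example, not code from the original thread: "split access" for two
# uplinks that both DNAT port 80 to one internal server, following the LARTC
# recipe the reply links to. Every interface name, public address, network
# and gateway below is a constructed placeholder; only the internal server
# address 192.168.1.5 comes from the original post.

OLD_DEV=eth1; OLD_IP=203.0.113.10;  OLD_NET=203.0.113.0/24;  OLD_GW=203.0.113.1   # wavelan link
NEW_DEV=eth2; NEW_IP=198.51.100.10; NEW_NET=198.51.100.0/24; NEW_GW=198.51.100.1  # T-1 link
LAN_DEV=eth0
SERVER=192.168.1.5          # internal web server (from the post)

# With DRY_RUN=1 the commands are printed instead of executed, so the rule
# set can be reviewed (and tested) without touching a live router.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

split_access_routing() {
    # One routing table per uplink (ids 100 and 200 are arbitrary), each
    # holding the link's own network and its own default route.
    run ip route replace "$OLD_NET" dev "$OLD_DEV" src "$OLD_IP" table 100
    run ip route replace default via "$OLD_GW" dev "$OLD_DEV" table 100
    run ip route replace "$NEW_NET" dev "$NEW_DEV" src "$NEW_IP" table 200
    run ip route replace default via "$NEW_GW" dev "$NEW_DEV" table 200
    # Policy rules select the table by firewall mark. The mark, not the
    # source address, is used because the reverse of a DNAT mapping is
    # applied in POSTROUTING, after the routing decision: a reply from the
    # server still carries 192.168.1.5 as its source when it is routed.
    run ip rule add fwmark 1 table 100 priority 100
    run ip rule add fwmark 2 table 200 priority 200
    # Traffic the LAN originates keeps a normal default route in "main".
    run ip route replace default via "$NEW_GW" dev "$NEW_DEV"
    run ip route flush cache
}

split_access_nat() {
    # Remember which uplink a new connection arrived on (CONNMARK target;
    # the mangle table runs before nat), and copy that mark back onto every
    # packet of the connection that comes from the LAN side, so the reply
    # hits the matching ip rule above.
    run iptables -t mangle -A PREROUTING -i "$OLD_DEV" -m conntrack --ctstate NEW -j CONNMARK --set-mark 1
    run iptables -t mangle -A PREROUTING -i "$NEW_DEV" -m conntrack --ctstate NEW -j CONNMARK --set-mark 2
    run iptables -t mangle -A PREROUTING -i "$LAN_DEV" -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
    # Port 80 on either public address is forwarded to the one web server.
    run iptables -t nat -A PREROUTING -i "$OLD_DEV" -d "$OLD_IP" -p tcp --dport 80 -j DNAT --to-destination "$SERVER"
    run iptables -t nat -A PREROUTING -i "$NEW_DEV" -d "$NEW_IP" -p tcp --dport 80 -j DNAT --to-destination "$SERVER"
    # Explicit FORWARD rules for the forwarded service and its replies only
    # (assumes the FORWARD chain policy is DROP, set elsewhere).
    run iptables -A FORWARD -i "$OLD_DEV" -o "$LAN_DEV" -d "$SERVER" -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$NEW_DEV" -o "$LAN_DEV" -d "$SERVER" -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_DEV" -s "$SERVER" -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

split_access() {
    split_access_routing
    split_access_nat
}

# "sh split-access.sh apply" runs the commands; anything else only previews them.
case "${1:-preview}" in
    apply) DRY_RUN=0 ;;
    *)     DRY_RUN=1 ;;
esac
split_access
```

Run it without arguments first and read the printed rule set; the marks are what keep a reply on the link its request came in on, and `ip rule show` plus `conntrack -L` (if conntrack-tools is installed) are the quickest way to confirm that a connection through the new link carries mark 2 and leaves through table 200. Connections the LAN itself opens are unmarked and fall through to the main table, so moving all outbound traffic to the T-1 is just the one `ip route replace default` line.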


