From: m_feldmann@t-online.de (Michael Feldmann)
To: netfilter@lists.netfilter.org
Subject: Redirect in intranet using DNAT?
Date: Sun, 16 Nov 2003 11:43:35 +0100
Message-ID: <200311160017.05962.m.feldmann@nikocity.de>

Hi all,

How can I redirect traffic from one internal IP to another? My situation is as
follows:

I have two webservers in an Intranet, one on 192.168.0.1, port 80, the
other on 192.168.0.5 port 80. Each machine has only one ethernet
card, attached to the same switch. Now I want to take away the first
webserver. In order to do this transparently, I thought of using a
redirect rule.

Thus, on 192.168.0.1 I tried the following commands:

iptables -t nat -A PREROUTING -p tcp -d 192.168.0.1 --dport 80 -j DNAT --to 192.168.0.5:80
iptables -t nat -A PREROUTING -p udp -d 192.168.0.1 --dport 80 -j DNAT --to 192.168.0.5:80


For testing reasons, all the policies on both machines are set to ACCEPT.
iptables -t nat -L -n yields:


Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       udp  --  0.0.0.0/0            192.168.0.1        udp dpt:80 to:192.168.0.5:80
DNAT       tcp  --  0.0.0.0/0            192.168.0.1        tcp dpt:80 to:192.168.0.5:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


With these rules, I thought an attempt to reach 192.168.0.1:80 would
lead me to 192.168.0.5:80. But it seems there are no packets arriving at
192.168.0.5:80.
Obviously, I seem to overlook something. But what?

Thanks in advance
Michael


P.S. Sorry if this question has been posted twice. I am not sure if
yesterday's posting has really reached the list.
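
A redirect like the one in this post, where the NAT host, the clients and the new server share one subnet, depends on two things beyond the DNAT rule: IP forwarding enabled on the NAT host, and source rewriting so that replies return through it. The following is an added example, not part of the original message; `parse_rules`, `covers` and `check_redirect` are hypothetical helper names, and the sample is the post's rules written in the `iptables-save` format (which prints `--to` as `--to-destination`).

```python
import ipaddress
import shlex

# Constructed sample: the post's two rules as iptables-save would print them.
SAMPLE_RULES = """\
*nat
-A PREROUTING -d 192.168.0.1/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.5:80
-A PREROUTING -d 192.168.0.1/32 -p udp -m udp --dport 80 -j DNAT --to-destination 192.168.0.5:80
COMMIT
"""

def parse_rules(text):
    """Return one dict per '-A' line: chain name plus option -> value."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        rule, i = {"chain": tok[1]}, 2
        while i < len(tok):
            has_value = i + 1 < len(tok) and not tok[i + 1].startswith("-")
            rule[tok[i].lstrip("-")] = tok[i + 1] if has_value else True
            i += 2 if has_value else 1
        rules.append(rule)
    return rules

def covers(snat, proto, target):
    """True if a POSTROUTING SNAT/MASQUERADE rule matches proto and target."""
    return (snat["chain"] == "POSTROUTING"
            and snat.get("j") in ("SNAT", "MASQUERADE")
            and snat.get("p") in (None, proto)
            and target in ipaddress.ip_network(snat.get("d", "0.0.0.0/0")))

def check_redirect(text, lan, ip_forward):
    """List unmet prerequisites for each PREROUTING DNAT rule.

    lan is the subnet shared by clients and the new server (assumption);
    ip_forward is the value read from /proc/sys/net/ipv4/ip_forward.
    """
    rules, findings = parse_rules(text), []
    for r in rules:
        if r["chain"] != "PREROUTING" or r.get("j") != "DNAT" or not isinstance(r.get("to-destination"), str):
            continue
        proto = r.get("p")
        target = ipaddress.ip_address(r["to-destination"].split(":")[0])
        if not ip_forward:
            findings.append(f"{proto} -> {target}: ip_forward=0, rewritten packet is not forwarded")
        if target in ipaddress.ip_network(lan) and not any(covers(s, proto, target) for s in rules):
            findings.append(f"{proto} -> {target}: no SNAT, server replies to the client directly")
    return findings
```

Feed it the output of `iptables-save -t nat` from the NAT host; an empty list means both prerequisites are met for every DNAT rule.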


