* port forwaring from localhost to inet
@ 2005-06-04 16:59 Oran G
2005-06-06 8:56 ` Jörg Harmuth
0 siblings, 1 reply; 3+ messages in thread
From: Oran G @ 2005-06-04 16:59 UTC (permalink / raw)
To: netfilter
hello,
I want to forward local requests to a mashine on the network.
I have a few hundred cgi scripts running on the webserver and using a
mysql-server on the same host. now i have set up a separate
mysql-linux-box and since it would be to much work to rewrite all the
scripts, im trying to redirect all trafic from localhost:3306 to
somepublicip:3306.
i used:
iptables -t nat -A PREROUTING -p tcp --dport 3306 -j DNAT --to 195.x.x.x
which works well form inet to inet but if I put '-o lo' to the line it
doesnt.
i understand that this could be becouse the source of the packets would
also require some rewriting, but i dont know how to do this. is there a
way to solve this with iptables or shoud i try it with ssh-tunels?
thax, oran g
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: port forwaring from localhost to inet
2005-06-04 16:59 port forwaring from localhost to inet Oran G
@ 2005-06-06 8:56 ` Jörg Harmuth
2005-06-06 11:25 ` Oran G
0 siblings, 1 reply; 3+ messages in thread
From: Jörg Harmuth @ 2005-06-06 8:56 UTC (permalink / raw)
To: netfilter
Oran G schrieb:
> hello,
>
> I want to forward local requests to a mashine on the network.
This is done in nat table with OUTPUT chain. This chain is for natting
locally generated packages. If you don't have this chain, you have to
recompile the kernel with appropriate settings.
Have a nice time
Joerg
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: port forwaring from localhost to inet
2005-06-06 8:56 ` Jörg Harmuth
@ 2005-06-06 11:25 ` Oran G
0 siblings, 0 replies; 3+ messages in thread
From: Oran G @ 2005-06-06 11:25 UTC (permalink / raw)
To: netfilter
>
>
>Oran G schrieb:
>
>
>>hello,
>>
>>I want to forward local requests to a mashine on the network.
>>
>>
>
>This is done in nat table with OUTPUT chain. This chain is for natting
>locally generated packages. If you don't have this chain, you have to
>recompile the kernel with appropriate settings.
>
>Have a nice time
>
>Joerg
>
>
that was it, thanx!
iptables -t nat -A OUTPUT -o lo -p tcp --dport 8111 -j DNAT --to-destination 192.168.0.11:80
this leadts me to my second question, maybe little offtopic:
i can realize the same functionality with an ssh tunnel. since encryption is a nice extra but not neccesary i wonder about how it would affect the performance of the communikation line.
both of my mashines have 2-3 GigH CPUs, and as i described befor, one runs apache the another mysql, both under heavy use.
oran G
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-06-06 11:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-06-04 16:59 port forwaring from localhost to inet Oran G
2005-06-06 8:56 ` Jörg Harmuth
2005-06-06 11:25 ` Oran G
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.