Linux Advanced Routing and Traffic Control list
From: Dancer Vesperman <dancer@anthill.echidna.id.au>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] port forwarding to different servers with nat
Date: Fri, 05 Sep 2003 06:58:34 +0000
Message-ID: <marc-lartc-106274540018806@msgid-missing>
In-Reply-To: <marc-lartc-106269521803965@msgid-missing>

On Fri, 2003-09-05 at 03:28, Ben wrote:
> Okay. So let's say it's fred and wilma, sharing the external dns name
> "external". So I would forward to fred and wilma like so:
> 
> iptables -t nat -A PREROUTING -d external -p tcp --dport 80 -j DNAT --to fred
> iptables -t nat -A PREROUTING -d external -p tcp --dport 8080 -j DNAT --to wilma
> 
> That makes sense to me. But how do the return packets get rewritten?

It just works, so long as the packets are traversing the same path to
get back to the originating peer.

A <-> B <-> C

B DNATs packets to C. As long as the returning packets from C pass back
through B to A, it all works. If routes exist such that C can
communicate with A without passing through B, then it all falls down.


> On Thu, 4 Sep 2003, Lawrence MacIntyre wrote:
> 
> > So for example, you want one machine (call it fred) to have a web server
> > on port 80, and another (call it wilma) to have a web server on port
> > 8080?
> > 
> > Simply forward port 80 to fred:80 and port 8080 to wilma:80. 
> > Alternately, you can run wilma's webserver on port 8080 and forward port
> > 8080 to wilma:8080.
> > 
> > On Thu, 2003-09-04 at 13:05, Ben wrote:
> > > Hey guys, here's a basic problem I cannot seem to figure out. I've got a
> > > box doing NAT for some servers and masquerading for a bunch of other
> > > desktops. The way I have it working, I need to give my NAT box one
> > > IP number for the masquerading, and then one additional IP number for each
> > > server it NATs for. That's a waste; I'd like to give the NAT box one IP
> > > for all servers, and then forward to the correct server based on port.
> > > (Yes, that implies none of the servers can run services on the same port,
> > > and I'm fine with that.)
> > > 
> > > It seems like this should be a pretty common scenario, but I haven't been 
> > > able to get it working and I haven't seen any examples online. I'm sure 
> > > *somebody* has it working.... would that person please share the wealth?
-- 

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
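
Added example (not part of the original message or thread): a small Python model of the DNAT and connection-tracking behaviour discussed above, showing why the reply is rewritten only when it passes back through B. The addresses, the client port and every class and function name are constructed for illustration; this models the idea and is not netfilter code.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed sample addresses (documentation / private ranges).
EXTERNAL = "203.0.113.10"   # the shared public address on B ("external")
FRED, WILMA = "192.168.0.10", "192.168.0.11"
CLIENT = "198.51.100.7"     # host A

# The two PREROUTING rules from the thread: external port -> (server, port).
DNAT_RULES = {80: (FRED, 80), 8080: (WILMA, 8080)}

class NatBox:
    """Host B: applies DNAT and remembers each mapping (toy conntrack)."""
    def __init__(self, external, rules):
        self.external, self.rules = external, rules
        self.conntrack = {}  # expected reply tuple -> original (dst, dport)

    def inbound(self, pkt):
        """A -> C direction: rewrite the destination, record how to undo it."""
        if pkt.dst != self.external or pkt.dport not in self.rules:
            return pkt
        dst, dport = self.rules[pkt.dport]
        self.conntrack[(dst, dport, pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
        return pkt._replace(dst=dst, dport=dport)

    def outbound(self, pkt):
        """C -> A direction: put the original address back as the source."""
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return pkt
        return pkt._replace(src=orig[0], sport=orig[1])

def server_reply(pkt):
    """C answers the packet it received by swapping source and destination."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def client_accepts(request, reply):
    """A only matches a reply that comes from the address and port it dialed."""
    return reply == Packet(request.dst, request.dport, request.src, request.sport)

def round_trip(dport, via_nat_box=True):
    """Send one request from A; return (reply seen by A, accepted by A?)."""
    nat = NatBox(EXTERNAL, DNAT_RULES)
    request = Packet(CLIENT, 40000, EXTERNAL, dport)
    reply = server_reply(nat.inbound(request))
    if via_nat_box:          # False models C having a route to A that skips B
        reply = nat.outbound(reply)
    return reply, client_accepts(request, reply)
```

With `via_nat_box=False` the reply reaches A carrying the server's private source address, so A has no connection that matches it.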
