From: Christian Cernuschi <christian@cernuschi.com>
To: dhiraj.2.bhuyan@bt.com, netfilter@lists.netfilter.org
Subject: Re: redirection
Date: Wed, 9 Apr 2003 15:34:46 +0200 [thread overview]
Message-ID: <200304091534.46363.christian@cernuschi.com> (raw)
In-Reply-To: <7497DCA1C240C042B28F6657ADFD8E09250995@i2km11-ukbr.domain1.systemhost.net>
On Wednesday 09 April 2003 03:10 pm, dhiraj.2.bhuyan@bt.com wrote:
> note one thing -
>
> when the client tries to connect to port 80 of x.y.z.1, the firewall in
> x.y.z.1 redirects the traffic to x.y.z.2:80
>
> so the client will be receiving packets from x.y.z.2:80 - which is not what
> it is expecting. It is waiting for packets from x.y.z.1:80 - so it will no
> doubt timeout. You should be able to see the packets coming from x.y.z.2:80
> by running a sniffer on the client machine.
>
> I think Eric Joe did infact give the right solution - that x.y.z.1 will be
> working as a proxy between the client and x.y.z.2 - although you can
> question if you are achieving your "loadbalancing" by this.
>
exactly...
it's the same conclusion i arrived..
The solution (also for source adress keeping) is to masquerade the destination
machine under the first one!
The destination machine must not reside "under" the first.It can also be at
the same level (read attached to the same switch) but needs to have the first
machine as gateway. (so MASQ rules works)
Doing in this way should work everything!!
Thank you again (i liked to study this...)
xchris
next prev parent reply other threads:[~2003-04-09 13:34 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-04-09 13:10 redirection dhiraj.2.bhuyan
2003-04-09 13:34 ` Christian Cernuschi [this message]
2003-04-09 13:38 ` redirection xchris
-- strict thread matches above, loose matches on Subject: below --
2004-02-27 12:08 Redirection Sasa Stupar
2004-02-27 12:19 ` Redirection Antony Stone
[not found] ` <008b01c3fd2b$f8910320$2a245cc2@cea05>
2004-02-27 12:41 ` Redirection Sasa Stupar
2004-02-27 12:46 ` Redirection Sasa Stupar
2003-04-09 10:15 Redirection Simone Sestini
2003-04-09 10:03 redirection dhiraj.2.bhuyan
2003-04-09 10:25 ` redirection xchris
2003-04-09 8:40 redirection dhiraj.2.bhuyan
2003-04-09 9:13 ` redirection xchris
2003-04-08 18:31 redirection xchris
2003-04-08 18:44 ` redirection Eric Joe
2003-04-08 19:40 ` redirection xchris
2003-04-08 22:49 ` redirection Eric Joe
2003-04-08 23:17 ` redirection xchris
2003-04-08 16:10 redirection Christian Cernuschi
2003-04-10 17:45 ` redirection Eric Joe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200304091534.46363.christian@cernuschi.com \
--to=christian@cernuschi.com \
--cc=dhiraj.2.bhuyan@bt.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox