From: "Javier Prieto Martínez" <javier.prieto.ext@juntadeandalucia.es>
To: Grant Taylor <gtaylor@riverviewtech.net>,
Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: Redirecting ports in a bridge
Date: Tue, 22 Apr 2008 17:10:55 +0200
Message-ID: <480DFFFF.7090807@juntadeandalucia.es>
In-Reply-To: <480DF644.8010302@riverviewtech.net>
>> Thanks for the advice. I'll try with EBTables, then.
>
> *nod*
>
> Except for possibly some syntactical change your rules should be very
> similar and operate in the same fashion.
>
> Based on your previous statement "I don't want to mess with the real
> IPs" it sounds like you don't even want to change source / destination
> IPs of the traffic going to the back end system. Am I understanding
> you correctly that you indeed want to not alter the source and / or
> destination IP? If this is the case, be aware that you do not want to
> NAT the IP and that you will be down to NATing the MAC address (which
> can be done but is another discussion) as the frame is passing through
> the bridge.
>
> I guess I should ask:
>
> +---+         +---+   +---+   +---+
> | C +-- - - --+ R +---+ A +---+ S |
> +---+         +---+   +---+   +---+
>
> Presuming that C is the client, R is the router, A is the appliance,
> and S is one or more of the servers, do you want S to see the source
> and destination IP that the client connected to? Or is it ok for the
> appliance to munge the source and / or destination IP (as seen by the
> server) in the process of redirecting to the server?
Well... I don't speak English very well, so it's easy to misunderstand my
posts :-)
In your graph, "S" is my LAN with all my servers and local
workstations. When I say that "I don't want to mess with the real IPs",
I mean I don't want to make any change within my LAN.
The point of the redirection is that, when I need to make a change in
one of my servers, I'd like my appliance to redirect all the traffic
coming from the extranet ("C") to another server. For example, if I have
to stop the web server while upgrading, I'd like all the traffic coming
from outside to reach another web server with a cached version of my
web page.
The process should be something like that:
* C starts a connection to S1, port 80
* R routes that packet to my LAN
* A captures that packet, and changes the destination to S2, port 80
* S2 generates a response to C
* A captures that packet, and changes its source to S1, port 80
* R routes that packet to the outside network
* C gets a packet from S1, port 80
I'm making some tests with EBTables in my lab environment.
I'll tell you the results.
Thanks a lot.
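The seven-step redirection listed in the message above is, in netfilter terms, a stateful destination NAT: one DNAT rule in the nat PREROUTING chain rewrites C -> S1:80 into C -> S2:80 on the way in, and the connection-tracking table remembers that flow so the reply S2:80 -> C is rewritten back to S1:80 -> C without any second rule (on a bridging appliance this needs net.bridge.bridge-nf-call-iptables=1 so bridged frames traverse iptables). The model below is an added example written for this archive page, not code from the thread or from the netfilter project; the IP addresses and ports are constructed, and the class and function names are the example's own. It also shows the failure mode a stateless rewrite would have: a reply that does not belong to a tracked flow is left untouched, so the client would see it arrive from S2 and discard it.

```python
"""Model of stateful port redirection on a bridging appliance.

Constructed example: addresses are documentation ranges, the class is
a simplified stand-in for the DNAT rule plus the conntrack table.
"""
from dataclasses import dataclass, replace

# Constructed addresses (RFC 5737 documentation ranges, not real hosts).
CLIENT = "198.51.100.5"     # C, somewhere on the extranet
S1 = "203.0.113.10"         # the server clients normally reach
S2 = "203.0.113.20"         # the stand-in server with the cached site


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class RedirectingBridge:
    """Appliance A: DNAT on the way in, conntrack-driven reverse NAT on the way out."""

    def __init__(self, original, redirect):
        self.original = original    # (ip, port) the client connects to, S1:80
        self.redirect = redirect    # (ip, port) that really answers, S2:80
        # conntrack table: original 4-tuple -> translated destination
        self.conntrack = {}

    def inbound(self, pkt):
        """PREROUTING direction (C -> S).

        Models: iptables -t nat -A PREROUTING -p tcp -d S1 --dport 80 \
                    -j DNAT --to-destination S2:80
        Only the first packet of a flow consults the rule; later packets
        reuse the conntrack entry, which is why the table is filled here.
        """
        if (pkt.dst, pkt.dport) != self.original:
            return pkt  # not the redirected service, pass through unchanged
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        self.conntrack[key] = self.redirect
        return replace(pkt, dst=self.redirect[0], dport=self.redirect[1])

    def outbound(self, pkt):
        """Reply direction (S -> C).

        No explicit SNAT rule exists for replies; conntrack reverses the
        mapping it recorded in inbound(). A reply with no tracked flow is
        therefore left alone, and the client would see it come from S2.
        """
        key = (pkt.dst, pkt.dport, self.original[0], self.original[1])
        if self.conntrack.get(key) == (pkt.src, pkt.sport):
            return replace(pkt, src=self.original[0], sport=self.original[1])
        return pkt


def simulate_redirect(bridge, client, cport):
    """Run one request/reply pair through A and return what S2 and C see."""
    request = Packet(client, cport, bridge.original[0], bridge.original[1])
    seen_by_s2 = bridge.inbound(request)
    reply = Packet(seen_by_s2.dst, seen_by_s2.dport, seen_by_s2.src, seen_by_s2.sport)
    seen_by_client = bridge.outbound(reply)
    return seen_by_s2, seen_by_client


def iptables_rules(original, redirect):
    """The real-world equivalent of the model: one sysctl and one DNAT rule.

    Constructed from the constants above; the flags are standard iptables
    and sysctl syntax, but the addresses are example values.
    """
    return [
        "sysctl -w net.bridge.bridge-nf-call-iptables=1",
        f"iptables -t nat -A PREROUTING -p tcp -d {original[0]} --dport {original[1]} "
        f"-j DNAT --to-destination {redirect[0]}:{redirect[1]}",
    ]


if __name__ == "__main__":
    bridge = RedirectingBridge((S1, 80), (S2, 80))
    to_s2, to_c = simulate_redirect(bridge, CLIENT, 40000)
    print("S2 sees:", to_s2)   # destination rewritten to S2:80
    print("C sees:", to_c)     # source restored to S1:80
    for rule in iptables_rules((S1, 80), (S2, 80)):
        print(rule)
```

The order of operations matters for detection as much as for function: every redirected flow leaves an entry in the conntrack table (`conntrack -L` on a real box), which is the first place to look when a client reports replies arriving from the wrong address.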