  1. #1
    Just Joined!
    Join Date
    Sep 2008
    Posts
    13

    Prerouting intranet


    Hi all,

    I have two webservers in an Intranet, one on 192.168.0.1, port 80, the
    other on 192.168.0.5, port 80. Each machine has only one ethernet
    card, attached to the same switch. Now I want to take away the first
    webserver. In order to do this transparently, I thought of using a
    redirect rule.

    Thus, on 192.168.0.1 I tried the following command:

    iptables -t nat -A PREROUTING -p tcp -d 192.168.0.1 --dport 80 -j DNAT --to 192.168.0.5:80
    iptables -t nat -A PREROUTING -p udp -d 192.168.0.1 --dport 80 -j DNAT --to 192.168.0.5:80

    For testing reasons, all the policies on both machines are set to ACCEPT.
    iptables -t nat -L -n yields:

    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    DNAT udp -- 0.0.0.0/0 192.168.0.1 udp dpt:80 to:192.168.0.5:80
    DNAT tcp -- 0.0.0.0/0 192.168.0.1 tcp dpt:80 to:192.168.0.5:80

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    With these rules, I thought an attempt to reach 192.168.0.1:80 would
    lead me to 192.168.0.5:80. But the latter one doesn't see anything.
    What am I really missing? Please give me some advice.
    Ajayan

  2. #2
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Not sure I understand your question 100%, so...


    1. Are you getting to 192.168.0.5 when trying to connect to 192.168.0.1 on port 80?
    2. What do you mean with 'the latter one doesn't see anything'?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Sep 2008
    Posts
    13
    No, I can't contact the web page on 192.168.0.5. When I try to get 192.168.0.1:80 through a browser, it keeps searching and does not show the web page on 192.168.0.5. I think the above rule will redirect all web requests on 192.168.0.1:80 to 192.168.0.5. Now I believe you can understand the problem. Please give me a solution.

  4. #4
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Change

    Code:
    -j DNAT --to 192.168.0.5:80
    to

    Code:
    -j DNAT --to-destination 192.168.0.5
    You don't need the port unless you are changing it also.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
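
Added example, not part of the thread or any poster's code: for DNAT from one host to another on the same subnet to work, the redirecting host must forward packets (net.ipv4.ip_forward=1) and rewrite the source address (SNAT or MASQUERADE), otherwise replies go straight from 192.168.0.5 to the client and do not match its connection to 192.168.0.1. The `audit_dnat` helper and both rule sets are constructed for illustration, in the format that `iptables -t nat -S` prints.

```shell
#!/bin/sh
# Constructed sample: the thread's TCP rule in `iptables -t nat -S` format.
RULES_THREAD='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 192.168.0.1/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.5:80'

# Constructed sample: the same rule plus a source rewrite for the return path.
RULES_FIXED="$RULES_THREAD
-A POSTROUTING -d 192.168.0.5/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.0.1"

# audit_dnat RULES IP_FORWARD   (hypothetical helper, not an iptables feature)
# Prints one line per problem; exit status is 0 only when nothing is found.
# The body runs in a subshell, so its variables do not leak to the caller.
audit_dnat() (
    rules=$1
    ip_forward=$2
    findings=0

    # Without forwarding, the kernel drops packets whose new destination
    # is another host, even though the DNAT rule matched.
    if [ "$ip_forward" != "1" ]; then
        echo "ip_forward=$ip_forward: DNATed packets will not be forwarded"
        findings=$((findings + 1))
    fi

    # Every distinct DNAT target needs a POSTROUTING source rewrite so the
    # backend answers through this host instead of directly to the client.
    for target in $(printf '%s\n' "$rules" |
        sed -n 's/^-A PREROUTING .*-j DNAT --to-destination \([0-9.]*\).*/\1/p' |
        sort -u); do
        if ! printf '%s\n' "$rules" | grep '^-A POSTROUTING ' |
            grep -F -- "-d $target/32 " |
            grep -Eq -- '-j (SNAT|MASQUERADE)'; then
            echo "DNAT to $target: no SNAT/MASQUERADE, replies bypass this host"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
)

# Demo on the constructed thread rules with forwarding disabled.
# On a live host: audit_dnat "$(iptables -t nat -S)" "$(cat /proc/sys/net/ipv4/ip_forward)"
audit_dnat "$RULES_THREAD" 0 || true
```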
