
Thread: RES: NAT 1:N




RES: NAT 1:N
Brazil
2007-06-29 15:29:05
Maybe I wasn't clear enough with my question, the two
machines are web servers visible on the Internet, and I
can't use MASQUERADE for this. If it was the basics I
wouldn't bother you all. And sorry for the annoyance.

Cheers,

-------------------------------------------------
 ,= ,-_-. =.  Gustavo Lima Peres dos Santos
(( /)0 0(_)) Security Analyst - INEP 
 `-'(. .)`-'  <gustavo.santosinep.gov.br>
     _/      Tel.: +55-61-2104-7684/9080
-------------------------------------------------


-----Original Message-----
From: Eljas Alakulppi [mailto:Buzerbuzer.net]
Sent: Friday, June 29, 2007 17:19
To: Gustavo L. P. dos Santos; netfilterlists.netfilter.org
Subject: Re: NAT 1:N


First I recommend you to read some basic documentation about iptables (this
is covered in about every iptables howto). Anyway, the command is (of
course, make sure you have the required modules loaded/compiled in kernel):
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

Gustavo L. P. dos Santos <gustavo.santosinep.gov.br> wrote Fri, 29 Jun 2007 23:01:41 +0300:

> Hi,
>
> 	I'm new on the list, so don't get mad if my question was posted before.
> I need some help to configure a NAT 1:N with iptables. I need some
> examples of the syntax to implement this.
>
> 	Here is the solution that I want to implement: I have two machines in
> my LAN that I want to be visible on the Internet using only one valid
> IP.
>
> 	Sorry for the bad English.
>
> Cheers,


RE: NAT 1:N
2007-06-29 15:33:50
Are you looking for redirect rules?
-A PREROUTING -d w.x.y.z -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.0.2


You can't have two Web servers redirected through one IP
address because there is only one port 80. You'd have to
move the other Web server to another port. If you are
looking for load balancing, you may need to look elsewhere.

Ric
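
The one-port-per-service constraint from the message above, as an added example that is not part of the thread: a shell function that turns port mappings into iptables-restore input, refuses to map the same public port twice, and forwards only the published ports. The mapping format, the function name, 203.0.113.10 and 172.16.0.3 are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed example. Mapping format PUBLIC_PORT:BACKEND_IP:BACKEND_PORT is
# an assumption of this sketch; 203.0.113.10 and 172.16.0.3 are sample values.
# Prints iptables-restore input only; nothing is applied to the kernel.
gen_dnat_rules() {
    pub_ip=$1; shift
    seen=" "; nat=""; fwd=""
    for m in "$@"; do
        case "$m" in *:*:*) ;; *) echo "bad mapping: $m" >&2; return 2 ;; esac
        pport=${m%%:*}; rest=${m#*:}
        bip=${rest%%:*}; bport=${rest#*:}
        for p in "$pport" "$bport"; do
            case "$p" in ''|*[!0-9]*) echo "bad port in: $m" >&2; return 2 ;; esac
        done
        # A public IP has only one TCP port 80: refuse a second mapping
        # for a public port that is already taken.
        case "$seen" in
            *" $pport "*) echo "public port $pport mapped twice" >&2; return 1 ;;
        esac
        seen="$seen$pport "
        nat="$nat-A PREROUTING -d $pub_ip -p tcp -m tcp --dport $pport -j DNAT --to-destination $bip:$bport
"
        # After DNAT the packet carries the backend address and port, so the
        # FORWARD rule matches those, and only for the published service.
        fwd="$fwd-A FORWARD -d $bip -p tcp -m tcp --dport $bport -m conntrack --ctstate NEW -j ACCEPT
"
    done
    printf '*nat\n:PREROUTING ACCEPT [0:0]\n%sCOMMIT\n' "$nat"
    printf '*filter\n:FORWARD DROP [0:0]\n'
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%sCOMMIT\n' "$fwd"
}

# First web server keeps port 80, the second is published on 8080.
gen_dnat_rules 203.0.113.10 80:172.16.0.2:80 8080:172.16.0.3:80
```

The DROP policy on FORWARD also stops new outbound connections from the LAN, and iptables-restore flushes the tables it loads unless run with --noflush, so merge the output into the existing ruleset and check it with iptables-restore --test before loading.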



Re: NAT 1:N
Russian Federation
2007-06-30 02:54:29
Ric Messier wrote:
> Are you looking for redirect rules?
> -A PREROUTING -d w.x.y.z -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.0.2
>
>
> You can't have two Web servers redirected through one IP
> address because there is only one port 80. You'd have to
> move the other Web server to another port. If you are
> looking for load balancing, you may need to look elsewhere.
>
This cannot be done via iptables only, but this can be done with Apache
mod_proxy module. Install Apache on the router and proxy requests to
backend server discriminating by the ServerName (for example, proxy all
requests to http://web1.example.com/ to first web server,
http://web2.example.com/ to the second).


Re: RES: NAT 1:N
Germany
2007-07-01 05:44:10
Hi,

* Gustavo L. P. dos Santos <gustavo.santosinep.gov.br> 29. Jun 07:
> Maybe I wasn't clear enough with my question, the two machines are
> web servers visible on the Internet, and I can't use MASQUERADE for
> this. If it was the basics I wouldn't bother you all. And sorry for
> the annoyance.

Don't worry, seems you're not the only one who should do some RTFM on
this list...

The situation you have is clearly described at Oskar Andreasson's great
tutorial (a Must-Read for iptables users, IMHO):
http://iptables-tutorial.frozentux.net/iptables-tutorial.html#DNATTARGET

You should use a range of IP#s for --to-destination.  Note that single
TCP streams will always be directed to same server while different
streams will be directed in a simple load balancing manner (I think
round robin).  This implies that you don't have any problems with rather
static content, but if you keep session information at server you have
to distribute that to all your webservers.

HTH, kind regards,
 Frank.
-- 
Sigmentation fault

