From: "Gene Dellinger" <gene@poh.com>
To: netfilter@lists.netfilter.org
Subject: dnat question
Date: Thu, 6 Oct 2005 17:32:12 -1000
Message-ID: <BOEKIIIKCIBKDMDMHHLLCEIJCMAA.gene@poh.com>

I want to do the following.
I have a primary server in my Hawaii office that clients (20.20.20.2) in
Hawaii connect to.
Currently, through straightforward routing, they connect directly to the IP
4.4.4.2.
I would like to have them connect to my firewall (3.3.3.2) and port forward
the connections to 4.4.4.2.
That was done using
  iptables -t nat PREROUTING -s 20.20.20.2 -p tcp --dport 22 -j DNAT --to-destination 4.4.4.2
To provide an emergency backup should something happen to the main server in
Hawaii, I would like to change the PREROUTING to
  -j DNAT --to-destination 6.6.6.2

I have set it up, but when I am looking at the packet trail I see it get to
my backup server and then die; no return packets
are sent back to the client. Interesting note: I can gain access from the
clients direct to the backup server (i.e. from client station ssh 6.6.6.2),
but that takes my ability to switch to the backup in one spot at the
firewall. I have had pretty good luck with iptables in the past, but this one
has me stumped.

Below is the network config.


client                                                                                linux
20.20.20.2>--->router >-1.1.1.1-(WAN T1)--1.1.1.2->router >-3.3.3.1--(LAN)--3.3.3.2-> firewall >-4.4.4.1--(LAN)--4.4.4.2-> main server
            HAWAII                                 2.2.2.1                                                                 HAWAII
                                                      |
                                                      |
                                                  (WAN T1)
                                                      |
                                                      |
                                                   2.2.2.2                            linux
                                                   router >-5.5.5.1--(LAN)--5.5.5.2-> firewall >-6.6.6.1--(LAN)--6.6.6.2-> backup server
                                                                                                                           CALIFORNIA

Thanks
Gene Dellinger
IT Systems Engineer
POH, Inc.


