iptables/Nat question

[Pete Nesbitt]

On July 4, 2004 11:58 pm, Redhat Enterprise wrote:
> What i wanted to do  was to have 2 web servers having
> private IPs( Ex: 192.168.128.5 and 192.168.128.6 on
> the 255.255.255.0 subnet). The hub connecting these
> machines would be connected to my Linux firewall
> machine. In other words the private IPs are the ones
> that make my DMZ, I shall call this interface which is
> connected to the DMZ as eth1.
> What i want to do is redirect all requests to
> 64.24.12.45 to 192.168.128.5 and 64.24.12.46 to
> 192.168.128.6 at the moment i have no problem in doing
> the natting and everything related to send/receive
> from the 64.24.12.45.
> What i thought was to have a virtual interface and
> bind the other internet routable address to it, ex
> eth0:0. What are my options?
> Also how could i do the POSTROUTING SNAT if I cannot
> use virtual in terfaces?
>

Hi,
I'm not sure I understand your question. As I read it, you have 3 boxes, 2 
acting as web servers and 1 as a firewall. They are connected via a hub. It 
looks like the fw has at least 2 nics, one for the internet and one for the 
dmz (web server area), and probably a 3rd for internal LAN. I am presuming a 
recent release of RH (say 8 or newer)

You can add the static IP to the external ethernet by creating a "eth0:1" (not 
eth0:0). To do that manually, cp your /etc/sysconfig/network-scripts/eth0 to 
eth0:1. The edit the IP address and hard link it into 
/etc/sysconfig/networking/devices/ifcfg-eth0:1 
and 
/etc/sysconfig/networking/profiles/default/ifcfg-eth0:1

Your postrouting should show something in the way (all one line):
$IPTABLES -A POSTROUTING -t nat -p tcp -o $EXT_IF -s $WEB_SERVER_1 -j SNAT 
--to-source  $EXT_IP_1

$IPTABLES -A POSTROUTING -t nat -p tcp -o $EXT_IF -s $WEB_SERVER_2 -j SNAT 
--to-source  $EXT_IP_2

Hope that helps.
-- 
Pete Nesbitt, rhce