iptables/Nat question

Allan Jarina allancj at gmail.com
Tue Jul 6 09:42:16 UTC 2004


In the webserver:
# /sbin/ifconfig eth0:0 192.168.128.5
# /sbin/ifconfig eth0:1 192.168.128.6

In the NAT firewall insert in the *nat table of /etc/sysconfig/iptables:
# vi /etc/sysconfig/iptables

-A PREROUTING -d 64.24.12.45 -j DNAT --to-destination 192.168.128.5
-A PREROUTING -d 64.24.12.46 -j DNAT --to-destination 192.168.128.6

# service iptables stop
# service iptables start

On Mon, 5 Jul 2004 21:50:21 -0700 (PDT), Redhat Enterprise
<redhat_help at yahoo.com> wrote:
> Hello group/Pete
> 
> I tried that, what I use is RH9.0. With its iptables
> installation. Yes as U say there are 3 NICs. When I
> did what U said and initialized the FW script it says:
> warning: weird character in interface 'eth0:1'(no
> aliases, ! or *)
> this follows on for all the lines which have the
> aliased IPs, for eth0:1 and eth2:1.
> 
> How could I go about doing this?
> 
> TIA
> 
> 
> 
> 
> --- Pete Nesbitt <pete at linux1.ca> wrote:
> > On July 4, 2004 11:58 pm, Redhat Enterprise wrote:
> > > What I wanted to do was to have 2 web servers having
> > > private IPs (Ex: 192.168.128.5 and 192.168.128.6 on
> > > the 255.255.255.0 subnet). The hub connecting these
> > > machines would be connected to my Linux firewall
> > > machine. In other words the private IPs are the ones
> > > that make my DMZ, I shall call this interface which is
> > > connected to the DMZ as eth1.
> > > What I want to do is redirect all requests to
> > > 64.24.12.45 to 192.168.128.5 and 64.24.12.46 to
> > > 192.168.128.6. At the moment I have no problem in doing
> > > the natting and everything related to send/receive
> > > from the 64.24.12.45.
> > > What I thought was to have a virtual interface and
> > > bind the other internet routable address to it, ex
> > > eth0:0. What are my options?
> > > Also how could I do the POSTROUTING SNAT if I cannot
> > > use virtual interfaces?
> > >
> >
> > Hi,
> > I'm not sure I understand your question. As I read it, you have 3 boxes, 2
> > acting as web servers and 1 as a firewall. They are connected via a hub. It
> > looks like the fw has at least 2 nics, one for the internet and one for the
> > dmz (web server area), and probably a 3rd for internal LAN. I am presuming a
> > recent release of RH (say 8 or newer).
> >
> > You can add the static IP to the external ethernet by creating a "eth0:1" (not
> > eth0:0). To do that manually, cp your /etc/sysconfig/network-scripts/eth0 to
> > eth0:1. Then edit the IP address and hard link it into
> > /etc/sysconfig/networking/devices/ifcfg-eth0:1
> > and
> > /etc/sysconfig/networking/profiles/default/ifcfg-eth0:1
> >
> > Your postrouting should show something in the way (all one line):
> > $IPTABLES -A POSTROUTING -t nat -p tcp -o $EXT_IF -s $WEB_SERVER_1 -j SNAT --to-source $EXT_IP_1
> >
> > $IPTABLES -A POSTROUTING -t nat -p tcp -o $EXT_IF -s $WEB_SERVER_2 -j SNAT --to-source $EXT_IP_2
> >
> > Hope that helps.
> > --
> > Pete Nesbitt, rhce
> >
> >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> 
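Added example, not part of the original thread or of either poster's scripts: a small generator for the *nat section that does the 1:1 mapping discussed above while only ever naming the physical interface, since iptables refuses alias names such as eth0:1 in -i/-o (the warning quoted in the thread). It generalizes to any number of address pairs and only prints rules in iptables-restore format. The function names and the "public=private" argument format are assumptions made for this example; the addresses are the ones used in the thread.

```shell
#!/bin/sh
# Emit an iptables-restore *nat section for 1:1 NAT (prints text only).

# iptables rejects alias names (eth0:1) in -i/-o, so refuse them up front;
# the public address is matched with -d / --to-source instead.
check_iface() {
    case "$1" in
        ''|*:*|*'!'*|*'*'*) echo "bad interface name: '$1'" >&2; return 1 ;;
    esac
}

# usage: gen_nat_rules EXT_IF PUBLIC=PRIVATE [PUBLIC=PRIVATE ...]
gen_nat_rules() {
    ext_if=$1; shift
    check_iface "$ext_if" || return 1
    [ "$#" -gt 0 ] || { echo "no mappings given" >&2; return 1; }
    # Validate every pair before printing anything, so a bad argument
    # never yields a half-written rule set.
    for pair in "$@"; do
        case "$pair" in
            ?*=?*) ;;
            *) echo "bad mapping: '$pair'" >&2; return 1 ;;
        esac
    done
    printf '%s\n' '*nat' \
        ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]'
    for pair in "$@"; do
        pub=${pair%%=*}; priv=${pair#*=}
        # Inbound: traffic for the public address goes to the DMZ host.
        printf '%s\n' "-A PREROUTING -i $ext_if -d $pub -j DNAT --to-destination $priv"
        # Outbound: the DMZ host leaves with its own public address.
        printf '%s\n' "-A POSTROUTING -o $ext_if -s $priv -j SNAT --to-source $pub"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample run using the thread's addresses.
gen_nat_rules eth0 64.24.12.45=192.168.128.5 64.24.12.46=192.168.128.6
```

The firewall still has to answer for the second public address on eth0 (for example through the eth0:1 alias configured with ifconfig); the alias name just never appears in the rules.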




