- To: Peter Rundle <prundle@xxxxxxxxxxxxxx>
- Subject: Re: [SLUG] IPtables DNAT question
- From: Phil Scarratt <fil@xxxxxxxxxxx>
- Date: Fri, 20 Feb 2004 09:49:18 +1100
- Cc: slug@xxxxxxxxxxx
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4
Peter Rundle wrote:
> Sluggers,
>
> I'm D'nating access to my web server via my Linux Gateway with this
> statement.
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to 172.16.0.148
>
> This works great as long as the default gateway on the web server
> (172.16.0.148) points to the Linux Gateway.
>
> However, I need to set the default gateway of the web server to
> somewhere else (an alternate internet connection). When I do this the
> reply packets never make it back to the gateway, and I have an asymmetric
> routing situation (kinda as expected really).
>
> My question is:
>
> Is there a complementary iptables statement that I can use to SNAT the
> inbound packet so that the web server
> sees the source as the Linux gateway, hence the packet is returned there,
> whereupon it is readdressed back to the real originating client in the
> outside world?
>
> I know that I can put Apache on the Linux Gateway and reverse-proxy
> but... just wondering if there was
> "a better way (tm)"
>
> TIA's
> P.
I've never had to use SNAT, but it does exist, so presumably it can do
what you want it to. Check out the man page for iptables, or I'm sure
there's a howto somewhere.
Fil
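
The rule pair the question asks about, as an added example that is not part of the original thread: the DNAT rule from the question plus a POSTROUTING SNAT so the web server replies to the gateway regardless of its own default route. The gateway's LAN-side address (172.16.0.1) is an assumed placeholder, and the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example (not from the thread): DNAT plus a matching SNAT on the gateway.
EXT_IF="${EXT_IF:-eth0}"              # outside interface, as in the thread
WEB_IP="${WEB_IP:-172.16.0.148}"      # web server, as in the thread
GW_LAN_IP="${GW_LAN_IP:-172.16.0.1}"  # ASSUMED: gateway's own LAN-side address
PORT="${PORT:-80}"

# Print the command when DRY_RUN=1 (the default); run it (as root) otherwise.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

nat_rules() {
    # 1. Before routing: send inbound web traffic to the internal server.
    run -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$WEB_IP" || return 1

    # 2. After routing: rewrite the source to the gateway's LAN address, so
    #    the server answers the gateway instead of using its default route.
    #    "--ctstate DNAT" limits this to connections rule 1 redirected.
    #    Side effect: the server's logs and any IP-based access rules see
    #    only GW_LAN_IP, never the real client address.
    run -t nat -A POSTROUTING -d "$WEB_IP" -p tcp --dport "$PORT" \
        -m conntrack --ctstate DNAT -j SNAT --to-source "$GW_LAN_IP"
}

nat_rules
```

Connection tracking on the gateway reverses both translations on the reply, so the outside client still sees the answer coming from the gateway's public address. IP forwarding and the FORWARD chain are assumed to be set up already, as they must be for the DNAT-only setup in the question to work.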