Use an Apache redirect instead of iptables. <br><br>If you want to use iptables you need a reverse rule. The DNAT will send packets to the new server. You need an SNAT rule that will accept packets FROM the new server and send them back to the client as the old server.<br>
<br>iptables -t nat -A POSTROUTING -s 65.254.217.215 -j SNAT --to-source 209.168.246.236<br><br>And you will need corresponding -j ACCEPT rules in -t filter FORWARDING section to allow return traffic to pass back through.<br>
<br><div class="gmail_quote">2008/11/23 Christoper Fowler <span dir="ltr"><<a href="mailto:cfowler@outpostsentinel.com">cfowler@outpostsentinel.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000">
I've moved a server to a new colo and I want to redirect services from<br>
the first colo to the second until the DNS change takes full effect.<br>
<br>
Here is what I've done.<br>
<br>
<b><tt><small>[root@demo tomcat]# ifconfig eth0:2 209.168.246.236 <br>
[root@demo tomcat]# iptables -t nat -A PREROUTING -d 209.168.246.236/32 -i eth0 -p tcp --dport 5000 -j DNAT --to-destination 65.254.217.214:5000<br>
<br>
<small><br>
</small></small></tt><small><tt>[root@demo tomcat]# iptables -L -n -t nat<br>
Chain PREROUTING (policy ACCEPT)<br>
target prot opt source destination <br>
REDIRECT tcp -- 0.0.0.0/0 209.168.246.234 tcp dpt:80 redir ports 5000 <br>
DNAT tcp -- 0.0.0.0/0 209.168.246.236 tcp dpt:5000 to:65.254.217.214:5000 <br>
<br>
Chain POSTROUTING (policy ACCEPT)<br>
target prot opt source destination <br>
<br>
Chain OUTPUT (policy ACCEPT)<br>
target prot opt source destination </tt></small></b>
<br>
<br>
It is not working. If I telnet 209.168.246.236 5000 from my desktop<br>
it seems to never connect. Just times out. Can someone tell me<br>
what I did wrong?<br>
<br>
Thanks,<br>
Chris<br>
<br>
</div>
<br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>James P. Kinney III <br><br>
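The rule set discussed in this thread (a PREROUTING DNAT, a POSTROUTING SNAT and FORWARD ACCEPT rules) can be audited from an `iptables-save` dump. The script below is an added example, not part of either message: the `check_dnat` and `sample` names, the RFC 5737 addresses and the FORWARD DROP policy are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads iptables-save text on stdin and, for
# each PREROUTING DNAT target, reports whether a POSTROUTING SNAT/MASQUERADE rule
# and a FORWARD ACCEPT rule (or ACCEPT policy) name that address with -s or -d.
# Limitation: only exact host matches count; wider CIDR or address-less rules do not.
check_dnat() {
    awk '
    /^\*/ { table = substr($1, 2) }                      # "*nat", "*filter"
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    $1 == "-A" {
        jump = dst = src = to = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j") jump = $(i + 1)
            if ($i == "-d") dst = $(i + 1)
            if ($i == "-s") src = $(i + 1)
            if ($i == "--to-destination") to = $(i + 1)
        }
        sub(/\/32$/, "", dst); sub(/\/32$/, "", src); sub(/:.*/, "", to)
        where = table "/" $2
        if (where == "nat/PREROUTING" && jump == "DNAT") target[to] = 1
        if (where == "nat/POSTROUTING" && jump ~ /^(SNAT|MASQUERADE)$/) { nat[src] = 1; nat[dst] = 1 }
        if (where == "filter/FORWARD" && jump == "ACCEPT") { fwd[src] = 1; fwd[dst] = 1 }
    }
    END {
        for (t in target) {
            s = (t in nat) ? "ok" : "missing"
            f = (policy == "ACCEPT" || (t in fwd)) ? "ok" : "missing"
            print t, "postrouting=" s, "forward=" f
        }
    }'
}

# Constructed dumps (RFC 5737 addresses; 192.0.2.10 = old server, 198.51.100.20 = new).
# Without an argument: DNAT only, like the listing in the question. The FORWARD DROP
# policy is an assumption. "full" adds the companion rules.
sample() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' \
        '-A PREROUTING -d 192.0.2.10/32 -i eth0 -p tcp -m tcp --dport 5000 -j DNAT --to-destination 198.51.100.20:5000'
    if [ "$1" = full ]; then
        printf '%s\n' '-A POSTROUTING -d 198.51.100.20/32 -p tcp -m tcp --dport 5000 -j SNAT --to-source 192.0.2.10'
    fi
    printf '%s\n' 'COMMIT' '*filter' ':FORWARD DROP [0:0]'
    if [ "$1" = full ]; then
        printf '%s\n' '-A FORWARD -d 198.51.100.20/32 -p tcp -m tcp --dport 5000 -j ACCEPT' \
            '-A FORWARD -s 198.51.100.20/32 -p tcp -m tcp --sport 5000 -j ACCEPT'
    fi
    printf '%s\n' 'COMMIT'
}

sample | check_dnat        # DNAT-only rule set
sample full | check_dnat   # with companion rules
```

On a live host the same function can be fed with `iptables-save | check_dnat`, which requires root.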